Resolved HJT Threads Resolved spyware and popup issues.
Old 04-02-2007, 08:37 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


"trusted e-mail program"?? = adirka.exe

I'm an average, everyday user who has Windows XP on a Dell machine and has had McAfee on it since day 1. Recently I was prompted to upgrade my McAfee Security Center and then started having problems. Doing some preliminary searching, it seems that c:\windows\system32\adirka.exe is some kind of trojan or something, and I noticed in my Security Center that it is listed as a 'trusted e-mail program'. When I tried to remove it, it later came back. In my systray I can see that many, many e-mails are somehow being sent. I talked to 2 McAfee techs and they couldn't help me. I ran a HijackThis log and was advised to post it here. I hope someone can help.

Logfile of HijackThis v1.99.1
Scan saved at 9:47:01 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\lnwin.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\adirka.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\McAfee\MSC\mcshell.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\COMMON~1\mcafee\emproxy\emtray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Fritz\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=041607 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
fritzfry is offline  
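A quick way to see what stands out in the log above, as an added example that is not part of the thread and not HijackThis code: the script below pulls the O4 Run entries and O2 BHO lines out of HijackThis-format text, flags autostarts that point into system32 but are not on a known-good list, and flags BHOs registered with no backing file. Fed the lines copied from the posted log it reports exactly the three executables (adirss.exe, lnwin.exe, adirka.exe) that the ComboFix run later in the thread deletes. The allowlist is an illustrative assumption; a real one is built from a clean reference machine, never from the suspect box.

```python
"""Triage HijackThis (v1.99) O2/O4 lines for suspicious autostart entries.

Added example for the thread above; not code from HijackThis or the forum.
The sample lines are copied from the posted log. KNOWN_SYSTEM32 is an
illustrative assumption, not a vendor baseline.
"""
import re

# Sample input: a subset of the O2/O4 lines from the posted log (verbatim).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
"""

# Assumption: files that legitimately autostart from system32 on this XP box.
KNOWN_SYSTEM32 = {"ctfmon.exe", "dumprep"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")


def executable_of(cmd: str) -> str:
    """Return the program path from a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def normalise(path: str) -> str:
    """Lower-case, expand %systemroot%, and use backslashes throughout."""
    p = path.lower().replace("/", "\\")
    return p.replace("%systemroot%", r"c:\windows")


def triage(log_text: str) -> list:
    """Return a list of findings (dicts) for the suspicious lines in the log."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            exe = normalise(executable_of(m["cmd"]))
            base = exe.rsplit("\\", 1)[-1]
            # Unknown binaries living in system32 and set to autostart are
            # the first thing to look at; legitimate vendors rarely drop there.
            if "\\system32\\" in exe and base not in KNOWN_SYSTEM32:
                findings.append({
                    "kind": "unknown-system32-autostart",
                    "hive": m["hive"],   # HKCU = per-user, HKLM = machine-wide
                    "value": m["name"],
                    "target": base,
                    "line": line,
                })
            continue
        m = O2_RE.match(line)
        if m and m["path"].strip().lower() == "(no file)":
            # A BHO whose DLL is gone is harmless but is leftover from a
            # previous install or removal and should be cleaned up.
            findings.append({
                "kind": "orphaned-bho",
                "clsid": m["clsid"],
                "target": "(no file)",
                "line": line,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:28} {f.get('hive', ''):5} {f['target']}")
```

Note the hive column in the output: two of the entries are machine-wide (HKLM) and one sits in the user's own hive (HKCU). An analyst treats all three as one infection and removes them together rather than only the one the user noticed.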

Old 04-03-2007, 02:32 PM   #2 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

bump

Please help if you can, as I hate to think my PC may be being used to hurt other people's PCs.

thanks!
fritzfry is offline  
Old 04-04-2007, 05:45 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

bump
fritzfry is offline  
Old 04-04-2007, 10:06 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,757
OS: 2000 Pro; XP Pro; XP Home


Re: "trusted e-mail program"?? = adirka.exe

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from one of these locations:
  2. Double click on ComboFix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (maximized) and extra.txt (minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 04-04-2007, 04:48 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

Does it matter if I do this in Safe Mode (as that's what I've been using)?

fritz
fritzfry is offline  
Old 04-04-2007, 08:19 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,757
OS: 2000 Pro; XP Pro; XP Home


Re: "trusted e-mail program"?? = adirka.exe

It's better if you do not run the tools from safe mode, please.

Can't you boot into normal mode? Your HJT log appears to be from normal mode.

Whatever you do, do NOT use Safe Mode with Networking. This gives the infections unfettered access to the internet, as your AV is generally inactive.
tetonbob is offline  
Old 04-05-2007, 07:58 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

"Fritz" - 07-04-05 21:46:00 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Fritz\Desktop"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adirka.exe
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\dd.exe
C:\WINDOWS\system32\lnwin.exe
C:\WINDOWS\system32\ma.exe.exe
C:\WINDOWS\system32\pp.exe.exe
C:\WINDOWS\system32\sm.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\via.exe
C:\WINDOWS\system32\wincom32.ini
C:\WINDOWS\system32\wincom32.sys
C:\WINDOWS\system32\zlbw.dll
C:\WINDOWS\system32\winsub.xml


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_WINCOM32


((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))


2007-04-04 21:42 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-04 21:23 86,528 --a------ C:\WINDOWS\system32\mmn.exe.exe
2007-04-04 21:23 6,783 --a------ C:\WINDOWS\system32\cuhnbmdz.exe
2007-04-04 19:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-04 19:21 86,528 --a------ C:\WINDOWS\system32\mmn.exe
2007-04-02 21:26 <DIR> d--hs---- C:\WINDOWS\CSC
2007-04-02 19:36 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-04-02 19:35 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-02 19:35 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-02 19:35 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-02 19:35 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-02 19:35 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-02 19:35 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-02 19:35 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-04-02 19:26 7,286 --a------ C:\WINDOWS\system32\smt.exe
2007-04-02 19:26 59,904 --a------ C:\WINDOWS\system32\grlib.dll
2007-03-29 17:33 7,296 --a------ C:\WINDOWS\system32\spooldr.sys
2007-03-27 23:25 6,806 --a------ C:\WINDOWS\system32\wsqocywa.exe
2007-03-20 20:49 6,845 --a------ C:\WINDOWS\system32\wdynoric.exe
2007-03-15 19:34 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-03-15 19:31 <DIR> d-------- C:\Program Files\Corel
2007-03-15 19:05 8,138 --------- C:\WINDOWS\system32\drivers\PenClass.sys
2007-03-15 19:05 679,936 --------- C:\WINDOWS\system32\Tablet.exe
2007-03-15 19:05 44,544 --------- C:\WINDOWS\system32\TabHook.dll
2007-03-15 19:05 15,744 --------- C:\WINDOWS\system32\Wintab.dll
2007-03-15 19:05 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
2007-03-15 19:05 0 --a------ C:\WINDOWS\system32\tablet.dat
2007-03-15 19:05 <DIR> d-------- C:\WINDOWS\system32\WTablet
2007-03-15 19:05 <DIR> d-------- C:\Program Files\Tablet
2007-03-13 19:06 6,737 --a------ C:\WINDOWS\system32\fighaade.exe
2007-03-12 23:35 <DIR> d-------- C:\jollyrotors
2007-03-08 00:16 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-07 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nova Development
2007-03-07 23:18 <DIR> d-------- C:\Program Files\Nova Development
2007-03-07 23:17 <DIR> d-------- C:\Program Files\directx
2007-03-05 19:42 6,735 --a------ C:\WINDOWS\system32\hjsdioda.exe
2007-03-05 19:42 0 --a------ C:\WINDOWS\system32\user_32.dll
2007-03-05 19:42 0 --a------ C:\WINDOWS\system32\msdtc_32.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-05 21:03 -------- d-------- C:\Program Files\mcafee
2007-04-02 19:35 -------- d-------- C:\Program Files\mcafee.com
2007-04-01 23:42 -------- d-------- C:\DOCUME~1\Fritz\APPLIC~1\mcafee
2007-03-29 18:36 373632 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 23:48 -------- d-------- C:\Program Files\google
2007-02-26 18:29 6734 --a------ C:\WINDOWS\system32\znczazjy.exe
2007-02-23 21:03 -------- d-------- C:\Program Files\viewpoint
2007-02-18 21:16 6421 --a------ C:\WINDOWS\system32\pufoycnh.exe
2007-02-01 21:00 6034 --a------ C:\WINDOWS\system32\nfopolgz.exe
2007-01-09 22:40 6309 --a------ C:\WINDOWS\system32\oaplgzmi.exe
2007-01-09 22:40 4 --a------ C:\WINDOWS\system32\oiso.bin


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"adirka"="C:\\WINDOWS\\system32\\adirka.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"EPSON Stylus CX4600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9AA.EXE /P26 \"EPSON Stylus CX4600 Series\" /O6 \"USB001\" /M \"Stylus CX4600\""
"EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P26 \"EPSON Stylus CX4800 Series\" /O6 \"USB002\" /M \"Stylus CX4800\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Corel Painter Essentials 21a"="C:\\Program Files\\Corel\\Corel Painter Essentials 2\\registration.exe /title=\"Corel Painter Essentials 2\" /date=041607 serial=PE02CBX-0000003-NMD lang=EN"
"sysinter"="C:\\WINDOWS\\system32\\adirss.exe"
"lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\winmgmtb11-743f

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\windev-1631-79fe.sys 135168 bytes
C:\WINDOWS\system32\windev-6267-7c0d.sys 135168 bytes
C:\WINDOWS\system32\windev-b11-743f.sys 135168 bytes
C:\WINDOWS\system32\windev-peers.ini 16384 bytes

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 4

********************************************************************

Completion time: 07-04-05 21:49:30
C:\ComboFix-quarantined-files.txt ... 07-04-05 21:49
fritzfry is offline  
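Two things are worth pulling out of the ComboFix log above, as an added example that is neither ComboFix's code nor part of the thread. First, the "Files Created" and Find3M listings contain a run of roughly 6-7 KB executables with random eight-letter names dropped into system32 at intervals since January, alongside double-extension names like mmn.exe.exe. Second, catchme reports one hidden service whose name ends in the same hex tag (b11-743f) as one of the hidden windev-*.sys files, which ties the hidden service to the driver it loads. The script below parses an excerpt of that log (file lines copied verbatim) and applies both checks. The name-shape rule, the size threshold and the hex-tag pairing are this example's own heuristics, not something ComboFix or catchme does.

```python
"""Triage two sections of a ComboFix log: the dated file listings and the
catchme rootkit-detector output.

Added example for the ComboFix log posted above; not part of ComboFix,
catchme, or the thread. The sample text is an excerpt of that log. The
heuristics (8-letter random names under 10 KB, double extensions, a hex tag
shared by a hidden service and a hidden driver) are assumptions of this
example.
"""
import re

# Sample input: excerpt of the posted ComboFix log (file lines verbatim).
SAMPLE = r"""
((((((((((((((((((((((((((((((( Files Created from 2007-03-05 to 2007-04-05 ))))))))))))))))))))))))))))))))))

2007-04-04 21:23 86,528 --a------ C:\WINDOWS\system32\mmn.exe.exe
2007-04-04 21:23 6,783 --a------ C:\WINDOWS\system32\cuhnbmdz.exe
2007-04-02 19:35 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-02 19:26 7,286 --a------ C:\WINDOWS\system32\smt.exe
2007-03-27 23:25 6,806 --a------ C:\WINDOWS\system32\wsqocywa.exe
2007-03-05 19:42 6,735 --a------ C:\WINDOWS\system32\hjsdioda.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-05 21:03 -------- d-------- C:\Program Files\mcafee
2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-02-26 18:29 6734 --a------ C:\WINDOWS\system32\znczazjy.exe
2007-01-09 22:40 6309 --a------ C:\WINDOWS\system32\oaplgzmi.exe

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006

scanning hidden processes ...

scanning hidden services ...

HKLM\SYSTEM\CurrentControlSet\Services\winmgmtb11-743f

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\windev-1631-79fe.sys 135168 bytes
C:\WINDOWS\system32\windev-6267-7c0d.sys 135168 bytes
C:\WINDOWS\system32\windev-b11-743f.sys 135168 bytes
C:\WINDOWS\system32\windev-peers.ini 16384 bytes

scan completed successfully
"""

FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
RANDOM_NAME = re.compile(r"^[a-z]{8}\.exe$")      # e.g. cuhnbmdz.exe
DOUBLE_EXT = re.compile(r"\.exe\.exe$", re.I)      # e.g. mmn.exe.exe
HEX_TAG = re.compile(r"[0-9a-f]+-[0-9a-f]+")       # e.g. b11-743f
HIDDEN_FILE = re.compile(r"^(?P<path>\S.*?) (?P<size>\d+) bytes$")


def suspicious_created_files(text: str, max_size: int = 10_000) -> list:
    """Flag small random-named or double-extension executables in system32.

    Returns (date, basename, size, reason) tuples in log order.
    """
    hits = []
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if not m or not m["size"][0].isdigit():
            continue                      # header, directory or size-less row
        size = int(m["size"].replace(",", ""))
        path = m["path"]
        base = path.rsplit("\\", 1)[-1]
        if "\\system32\\" not in path.lower():
            continue
        if RANDOM_NAME.match(base) and size < max_size:
            hits.append((m["date"], base, size, "random-8-letter-name"))
        elif DOUBLE_EXT.search(base):
            hits.append((m["date"], base, size, "double-extension"))
    return hits


def catchme_sections(text: str) -> tuple:
    """Return (hidden service names, [(hidden file basename, size)])."""
    services, files, mode = [], [], None
    for line in text.splitlines():
        if line.startswith("scanning hidden services"):
            mode = "services"
        elif line.startswith("scanning hidden files"):
            mode = "files"
        elif line.startswith("scanning ") or line.startswith("scan completed"):
            mode = None
        elif mode == "services" and line.startswith("HKLM\\"):
            services.append(line.rsplit("\\", 1)[-1])
        elif mode == "files":
            m = HIDDEN_FILE.match(line)
            if m:
                files.append((m["path"].rsplit("\\", 1)[-1], int(m["size"])))
    return services, files


def pair_hidden_service_with_files(services: list, files: list) -> dict:
    """Map each hidden service to hidden files sharing a hex tag with it."""
    pairs = {}
    for svc in services:
        tags = set(HEX_TAG.findall(svc))
        pairs[svc] = [name for name, _ in files if tags & set(HEX_TAG.findall(name))]
    return pairs


if __name__ == "__main__":
    for date, name, size, reason in suspicious_created_files(SAMPLE):
        print(f"{date} {size:>7} {name:16} {reason}")
    svcs, hidden = catchme_sections(SAMPLE)
    print("hidden files:", [n for n, _ in hidden])
    print("service -> driver:", pair_hidden_service_with_files(svcs, hidden))
```

The heuristics are deliberately narrow and miss smt.exe and grlib.dll, which land in the same directory minutes apart on 04-02, so the output is a starting point for reading the log, not a verdict. The catchme findings are the stronger signal: a file and a service key that the normal file and registry APIs cannot see are exactly what a rootkit detector's cross-view comparison exists to surface, and a HijackThis log, which uses those same APIs, could never have shown them.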
Old 04-05-2007, 08:00 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

Deckard's System Scanner v20070328.36
Run by Fritz on 2007-04-05 at 21:54:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
59: 2007-04-06 01:54:14 UTC - RP253 - Deckard's System Scanner Restore Point
58: 2007-04-06 00:45:43 UTC - RP252 - Software Distribution Service 2.0
57: 2007-04-05 01:22:05 UTC - RP251 - System Checkpoint
56: 2007-04-03 01:40:38 UTC - RP250 - Software Distribution Service 2.0
55: 2007-04-01 13:48:39 UTC - RP249 - Software Distribution Service 2.0


-- First Restore Point --
1: 2007-01-03 23:34:23 UTC - RP195 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Fritz.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:55:19 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fritz\Local Settings\Temporary Internet Files\Content.IE5\24AZZ9TO\dss[1].exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\HIJACK~1\Fritz.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Corel Painter Essentials 21a] C:\Program Files\Corel\Corel Painter Essentials 2\registration.exe /title="Corel Painter Essentials 2" /date=041607 serial=PE02CBX-0000003-NMD lang=EN
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys
R1 MPFP - c:\windows\system32\drivers\mpfp.sys
R1 sscdbhk5 - c:\windows\system32\drivers\sscdbhk5.sys
R1 ssrtln - c:\windows\system32\drivers\ssrtln.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys
R2 BQWYJKEJ - c:\windows\system32\bqwyjkej.twf
R2 drvnddm - c:\windows\system32\drivers\drvnddm.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R2 tfsnboio - c:\windows\system32\dla\tfsnboio.sys
R2 tfsncofs - c:\windows\system32\dla\tfsncofs.sys
R2 tfsndrct - c:\windows\system32\dla\tfsndrct.sys
R2 tfsndres - c:\windows\system32\dla\tfsndres.sys
R2 tfsnifs - c:\windows\system32\dla\tfsnifs.sys
R2 tfsnopio - c:\windows\system32\dla\tfsnopio.sys
R2 tfsnpool - c:\windows\system32\dla\tfsnpool.sys
R2 tfsnudf - c:\windows\system32\dla\tfsnudf.sys
R2 tfsnudfa - c:\windows\system32\dla\tfsnudfa.sys
R2 windev-b11-743f - c:\windows\system32\windev-b11-743f.sys
R3 BEFCMV3XP (Linksys BEFCMU10 EtherFast Cable Modem) - c:\windows\system32\drivers\befcm3xp.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys
R3 STHDA (High Definition Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\sthda.sys
R3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S3 SDDMI2 - c:\windows\system32\ddmi2.sys
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 MSK80Service (McAfee SpamKiller Service) - "c:\program files\mcafee\msk\msksrver.exe"
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsdeviceconnect.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"

S2 TabletService - c:\windows\system32\tablet.exe
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs


-- Scheduled Tasks -------------------------------------------------------------

2007-04-02 19:35:30 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job<MCDEFR~1.JOB>
2007-04-02 19:35:29 352 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-03-05 and 2007-04-05 -----------------------------

2007-04-04 21:42:22 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-04 21:23:18 6783 --a------ C:\WINDOWS\system32\cuhnbmdz.exe
2007-04-04 19:35:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-04 19:21:36 86528 --a------ C:\WINDOWS\system32\mmn.exe
2007-04-02 21:26:00 0 d--hs---- C:\WINDOWS\CSC
2007-04-02 19:36:28 143360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-04-02 19:35:42 37480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-04-02 19:35:42 32008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-04-02 19:35:42 34184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-04-02 19:35:41 170408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-04-02 19:35:41 71496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-04-02 19:35:38 109608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-04-02 19:35:17 0 d-------- C:\Program Files\Common Files\McAfee
2007-04-02 19:26:54 7286 --a------ C:\WINDOWS\system32\smt.exe
2007-04-02 19:26:54 59904 --a------ C:\WINDOWS\system32\grlib.dll
2007-03-29 17:33:03 7296 --a------ C:\WINDOWS\system32\spooldr.sys
2007-03-27 23:25:11 6806 --a------ C:\WINDOWS\system32\wsqocywa.exe
2007-03-20 20:49:17 6845 --a------ C:\WINDOWS\system32\wdynoric.exe
2007-03-15 19:34:59 90112 --a------ C:\WINDOWS\unvise32.exe
2007-03-15 19:31:32 0 d-------- C:\Program Files\Corel
2007-03-15 19:05:41 0 --a------ C:\WINDOWS\system32\tablet.dat
2007-03-15 19:05:38 0 d-------- C:\Program Files\Tablet
2007-03-15 19:05:36 0 d-------- C:\WINDOWS\system32\WTablet
2007-03-15 19:05:36 8138 -----n--- C:\WINDOWS\system32\drivers\PenClass.sys
2007-03-15 19:05:35 102400 -----n--- C:\WINDOWS\system32\Wintab32.dll
2007-03-15 19:05:35 15744 -----n--- C:\WINDOWS\system32\Wintab.dll
2007-03-15 19:05:35 679936 -----n--- C:\WINDOWS\system32\Tablet.exe
2007-03-15 19:05:35 44544 -----n--- C:\WINDOWS\system32\TabHook.dll
2007-03-13 1912 6737 --a------ C:\WINDOWS\system32\fighaade.exe
2007-03-12 23:35:37 0 d-------- C:\jollyrotors<JOLLYR~1>
2007-03-08 00:16:21 0 d-------- C:\WINDOWS\system32\appmgmt
2007-03-07 23:27:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Nova Development<NOVADE~1>
2007-03-07 23:18:03 0 d-------- C:\Program Files\Nova Development<NOVADE~1>
2007-03-07 23:17:54 0 d-------- C:\Program Files\directx
2007-03-05 19:42:10 0 --a------ C:\WINDOWS\system32\msdtc_32.exe
2007-03-05 19:42:03 0 --a------ C:\WINDOWS\system32\user_32.dll
2007-03-05 19:42:02 6735 --a------ C:\WINDOWS\system32\hjsdioda.exe


-- Find3M Report ---------------------------------------------------------------

2007-04-05 21:03:57 0 d-------- C:\Program Files\McAfee
2007-04-02 19:35:26 0 d-------- C:\Program Files\McAfee.com
2007-04-01 23:42:47 0 d-------- C:\Documents and Settings\Fritz\Application Data\McAfee
2007-03-18 18:25:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-16 19:54:10 0 d-------- C:\Documents and Settings\Fritz\Application Data\Adobe
2007-03-12 23:11:29 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-03-12 23:11:11 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-07 23:48:11 0 d-------- C:\Program Files\Google
2007-03-06 22:01:16 0 d-------- C:\Documents and Settings\Fritz\Application Data\AdobeUM
2007-02-26 18:29:08 6734 --a------ C:\WINDOWS\system32\znczazjy.exe
2007-02-23 21:03:36 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-18 21:16:30 6421 --a------ C:\WINDOWS\system32\pufoycnh.exe
2007-02-01 21:00:12 6034 --a------ C:\WINDOWS\system32\nfopolgz.exe
2007-01-09 22:40:57 4 --a------ C:\WINDOWS\system32\oiso.bin
2007-01-09 22:40:55 6309 --a------ C:\WINDOWS\system32\oaplgzmi.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"adirka"="C:\\WINDOWS\\system32\\adirka.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"EPSON Stylus CX4600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9AA.EXE /P26 \"EPSON Stylus CX4600 Series\" /O6 \"USB001\" /M \"Stylus CX4600\""
"EPSON Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIADA.EXE /P26 \"EPSON Stylus CX4800 Series\" /O6 \"USB002\" /M \"Stylus CX4800\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Corel Painter Essentials 21a"="C:\\Program Files\\Corel\\Corel Painter Essentials 2\\registration.exe /title=\"Corel Painter Essentials 2\" /date=041607 serial=PE02CBX-0000003-NMD lang=EN"
"sysinter"="C:\\WINDOWS\\system32\\adirss.exe"
"lnwin.exe"="C:\\WINDOWS\\system32\\lnwin.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-05 at 21:55:47 ---------
Attached Files
File Type: txt extra.txt (14.4 KB, 1 views)
Old 04-05-2007, 08:03 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

Just an additional note... I have not noticed the icon in the systray that has been mass-mailing things. And I've received some McAfee notifications of at least two new trojans, so I don't know if McAfee is now catching what was my problem or not.
fritz
Old 04-06-2007, 06:42 AM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,757
OS: 2000 Pro; XP Pro; XP Home


Re: "trusted e-mail program"?? = adirka.exe

You have quite a nest of nasties and possible nasties....time to send in more tools.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\cuhnbmdz.exe


  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Then repeat as above for the following files in BOLD:

    C:\WINDOWS\system32\mmn.exe
    C:\WINDOWS\system32\grlib.dll
    C:\WINDOWS\system32\smt.exe
    C:\WINDOWS\system32\wsqocywa.exe
    C:\WINDOWS\system32\wdynoric.exe
    C:\WINDOWS\system32\hjsdioda.exe
    c:\windows\system32\windev-b11-743f.sys
    C:\WINDOWS\system32\pufoycnh.exe
    C:\WINDOWS\system32\nfopolgz.exe
    C:\WINDOWS\system32\oaplgzmi.exe
  • Once scanned, copy and paste the results in your next reply.


---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the main Status screen, under Your Computer's Security, click Resident Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MyWay Search Assistant

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe



Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Program Files\MyWaySA
C:\WINDOWS\system32\adirss.exe
C:\WINDOWS\system32\lnwin.exe
C:\WINDOWS\system32\adirka.exe
C:\WINDOWS\system32\spooldr.sys
C:\WINDOWS\system32\msdtc_32.exe
C:\WINDOWS\system32\oiso.bin



---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum at the end of this fix.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications". (4th one down.)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windowsi586-p.exe to install the newest version.
  • After the install is complete, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Please delete your version of ComboFix, and download it again, running it with these instructions:
  1. Download ComboFix from one of these locations:
  2. Double click on ComboFix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

VirusTotal Scans
SDFix (C:\SDFix\report.txt)
AVG Anti-Spyware
Panda online scan
ComboFix (C:\ComboFix.txt)
SmitfraudFix (C:\rapport.txt)
New HijackThis log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
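The helper's fix list above is built by eye from two parts of the log posted earlier in the thread: the O4 Run-key entries in the HijackThis section and the "Files created between" section of the Deckard's System Scanner output. The pattern being picked out is the same in both: binaries sitting directly in system32 that carry random 8-letter names (cuhnbmdz.exe, wsqocywa.exe, hjsdioda.exe ...), that are only a few KiB in size, or that nothing on the machine should legitimately have registered as an autorun (adirss.exe, lnwin.exe, adirka.exe). The script below is an added example, not code from HijackThis, DSS or the forum post, that applies those three rules mechanically to copy-pasted log text. The allow-list of known-good autoruns, the 16 KiB "tiny binary" threshold and the 8-letter name rule are assumptions chosen for this example, and the sample log lines are constructed in the shape of the posted output.

```python
"""Triage of HijackThis O4 autoruns and a DSS "Files created" listing.
Added example for this thread; the allow-list and sample lines are constructed."""
import re
from dataclasses import dataclass

# Constructed sample in the shape HijackThis prints O4 Run-key entries.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [sysinter] C:\WINDOWS\system32\adirss.exe
O4 - HKLM\..\Run: [lnwin.exe] C:\WINDOWS\system32\lnwin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [adirka] C:\WINDOWS\system32\adirka.exe
"""

# Constructed sample in the shape of the DSS "Files created between" section.
SAMPLE_DSS = r"""
2007-04-04 21:23:18 6783 --a------ C:\WINDOWS\system32\cuhnbmdz.exe
2007-04-04 19:21:36 86528 --a------ C:\WINDOWS\system32\mmn.exe
2007-04-02 19:36:28 143360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-03-29 17:33:03 7296 --a------ C:\WINDOWS\system32\spooldr.sys
2007-03-15 19:05:35 679936 -----n--- C:\WINDOWS\system32\Tablet.exe
2007-03-12 23:35:37 0 d-------- C:\jollyrotors<JOLLYR~1>
2007-03-05 19:42:10 0 --a------ C:\WINDOWS\system32\msdtc_32.exe
"""

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
DSS_FILE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (\d+) (\S{9}) (.+?)(?:<[^>]*>)?$")
IN_SYSTEM32 = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.I)  # directly in system32
RANDOM_8 = re.compile(r"^[a-z]{8}\.(exe|dll|sys)$", re.I)           # assumed name pattern
BINARY_EXT = (".exe", ".dll", ".sys")
TINY_BYTES = 16 * 1024                                                # assumed threshold
# Illustrative allow-list only; a real one would be a signed-file or hash database.
KNOWN_GOOD_AUTORUNS = {"ctfmon.exe", "ehtray.exe", "stsystra.exe", "realplay.exe"}


@dataclass(frozen=True)
class Finding:
    source: str      # "autorun" or "file"
    path: str
    reasons: tuple


def exe_path(command: str) -> str:
    """Executable part of a Run-key command line, quotes and arguments stripped."""
    m = re.match(r'\s*"?([^"]*?\.exe)"?', command, re.I)
    return m.group(1) if m else command.split()[0]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage_autoruns(hjt_text: str) -> list:
    findings = []
    for line in hjt_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, _label, command = m.groups()
        path = exe_path(command)
        name = basename(path)
        if name in KNOWN_GOOD_AUTORUNS:
            continue
        reasons = []
        if "\\" not in path:
            reasons.append("unqualified path, resolved through the search order")
        if IN_SYSTEM32.match(path):
            reasons.append("unknown autorun launched directly from system32")
            if hive == "HKCU":
                reasons.append("per-user Run key, writable without admin rights")
        if RANDOM_8.match(name):
            reasons.append("random 8-letter name")
        if reasons:
            findings.append(Finding("autorun", path, tuple(reasons)))
    return findings


def triage_files(dss_text: str) -> list:
    findings = []
    for line in dss_text.splitlines():
        m = DSS_FILE.match(line.strip())
        if not m:
            continue
        _date, _time, size, attrs, path = m.groups()
        size, name = int(size), basename(path)
        if attrs.startswith("d") or not name.endswith(BINARY_EXT):
            continue
        reasons = []
        if IN_SYSTEM32.match(path) and size == 0:
            reasons.append("zero-byte binary in system32 (placeholder or truncated drop)")
        elif IN_SYSTEM32.match(path) and size < TINY_BYTES:
            reasons.append(f"tiny binary in system32 ({size} bytes)")
        if RANDOM_8.match(name):
            reasons.append("random 8-letter name")
        if reasons:
            findings.append(Finding("file", path, tuple(reasons)))
    return findings


def triage(hjt_text: str, dss_text: str) -> list:
    """Combined findings, de-duplicated by path and sorted."""
    seen = {}
    for f in triage_autoruns(hjt_text) + triage_files(dss_text):
        seen.setdefault(f.path.lower(), f)
    return [seen[k] for k in sorted(seen)]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT, SAMPLE_DSS):
        print(f"[{f.source}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Note what the rules deliberately do not catch: mmn.exe is 86 KB, so the size rule passes it, and nothing about its name is random. That is why the helper sends every recently created binary to VirusTotal rather than trusting name or size patterns, and the thread later shows several engines naming mmn.exe as a spam tool. Treat output from a script like this as a worklist for hashing and scanning, not as a verdict.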
Old 04-07-2007, 10:11 AM   #11 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "cuhnbmdz.exe", received in VirusTotal at 04.07.2007, 17:40:18 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Small.DBY.BP
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 Downloader.Tibs
BitDefender 7.2 04.07.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.cd
ClamAV devel-20070312 04.07.2007 Trojan.Small-1589
DrWeb 4.33 04.07.2007 Trojan.Packed.75
eSafe 7.0.15.0 04.07.2007 Win32.Zhelatin.bp
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 Worm.Zhelatin.bp
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 suspicious
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.bp
Ikarus T3.1.1.3 04.07.2007 Email-Worm.Win32.Zhelatin.cl
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.bp
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.JD
NOD32v2 2172 04.07.2007 no virus found
Norman 5.80.02 04.05.2007 W32/Tibs.gen77
Panda 9.0.0.4 04.07.2007 Suspicious file
Prevx1 V2 04.07.2007 Dropper.Payload
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.07.2007 Trojan.Packed.13
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 no virus found
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac.90
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Small.DBY.BP


Additional Information
File size: 6783 bytes
MD5: 9e082b7a6dd24e3a996b72adda00fe85
SHA1: d7b0a472fe6c0365b0f49e4e057071b0752bf660
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=cf5586924345
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
fritzfry is offline  
Old 04-07-2007, 10:35 AM   #12 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "mmn.exe", received in VirusTotal at 04.07.2007, 18:18:36 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 Generic3.TLS
BitDefender 7.2 04.07.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 SpamTool.Agent.af (Not a Virus)
ClamAV devel-20070312 04.07.2007 Trojan.Agent-3015
DrWeb 4.33 04.07.2007 no virus found
eSafe 7.0.15.0 04.07.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 Not-A-Virus.SpamTool.Win32.Agent.af
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Agent.AF!tr
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 SpamTool.Win32.Agent.af
Ikarus T3.1.1.3 04.07.2007 SpamTool.Win32.Agent.af
Kaspersky 4.0.2.24 04.07.2007 SpamTool.Win32.Agent.af
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 no virus found
NOD32v2 2172 04.07.2007 Win32/Fuclip.T
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.07.2007 no virus found
Prevx1 V2 04.07.2007 Polynomial.Code.Exploit
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.07.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 no virus found
VirusBuster 4.3.7:9 04.07.2007 no virus found
Webwasher-Gateway 6.0.1 04.07.2007 Riskware.Spam.Agent.AF


Additional Information
File size: 86528 bytes
MD5: 69da73fca701e1eed43cc4787ae3556c
SHA1: 81f452cc271d068366bb5fa1ca3f97792b7b2864
packers: UPX
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=882087072741
fritzfry is offline  
Old 04-07-2007, 10:53 AM   #13 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "grlib.dll", received in VirusTotal at 04.07.2007, 18:36:48 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 no virus found
BitDefender 7.2 04.07.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.07.2007 no virus found
DrWeb 4.33 04.07.2007 no virus found
eSafe 7.0.15.0 04.07.2007 no virus found
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.07.2007 No threat detected
Fortinet 2.85.0.0 04.07.2007 no virus found
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 no virus found
Ikarus T3.1.1.3 04.07.2007 no virus found
Kaspersky 4.0.2.24 04.07.2007 no virus found
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 no virus found
NOD32v2 2172 04.07.2007 no virus found
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.07.2007 no virus found
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.07.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 no virus found
VirusBuster 4.3.7:9 04.07.2007 no virus found
Webwasher-Gateway 6.0.1 04.07.2007 no virus found


Additional Information
File size: 59904 bytes
MD5: 80e41408f6d641dc1c0f5353a0cc8125
SHA1: 6d957ba632df5b06d49a901f2772df4301610a2a
Bit9 info: http://fileadvisor.bit9.com/services...0f5353a0cc8125
fritzfry is offline  
Old 04-07-2007, 11:06 AM   #14 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "smt.exe", received in VirusTotal at 04.07.2007, 18:54:19 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Small.DBY.BO
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 Downloader.Tibs
BitDefender 7.2 04.07.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.cb
ClamAV devel-20070312 04.07.2007 Trojan.Small-1581
DrWeb 4.33 04.07.2007 Trojan.Packed.74
eSafe 7.0.15.0 04.07.2007 Win32.Zhelatin.cj
eTrust-Vet 30.7.3549 04.06.2007 Win32/Tibs!generic
Ewido 4.0 04.07.2007 Worm.Zhelatin.cj
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Tibs.CJ@mm
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.cj
Ikarus T3.1.1.3 04.07.2007 Email-Worm.Win32.Zhelatin.cj
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.cj
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.JD
NOD32v2 2172 04.07.2007 Win32/Nuwar.gen
Norman 5.80.02 04.05.2007 W32/Tibs.gen71
Panda 9.0.0.4 04.07.2007 Suspicious file
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.07.2007 Trojan.Packed.13
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 OScope.Worm.115.Nuwar
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac.89
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Small.DBY.BO


Additional Information
File size: 7286 bytes
MD5: 5cc8d32dcac9a5a45979357618272db7
SHA1: 2260bc0bc4cee35f449c203d41f94273cb2151b8
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
fritzfry is offline  
Old 04-07-2007, 11:36 AM   #15 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "wsqocywa.exe", received in VirusTotal at 04.07.2007, 19:21:37 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Small.DBY.BL
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 Win32:Zhelatin-RB
AVG 7.5.0.447 04.07.2007 Downloader.Tibs.4.V
BitDefender 7.2 04.07.2007 GenPack:Trojan.Downloader.Small.AAU
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.bx
ClamAV devel-20070312 04.07.2007 Trojan.Downloader.Small-3168
DrWeb 4.33 04.07.2007 Trojan.Packed.67
eSafe 7.0.15.0 04.07.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3549 04.06.2007 Win32/Tibs!generic
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Tibs.LK@mm
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.bx
Ikarus T3.1.1.3 04.07.2007 Trojan.Peed.LM
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.bx
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.gen
NOD32v2 2172 04.07.2007 Win32/Nuwar.gen
Norman 5.80.02 04.05.2007 W32/Tibs.gen70
Panda 9.0.0.4 04.07.2007 Trj/Alanchum.UJ
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.07.2007 Trojan.Packed.13
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 OScope.Worm.UK.Nuwar
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac.83
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Small.DBY.BL


Additional Information
File size: 6806 bytes
MD5: 88f2ec3b5a0a4f2eaf9a78c12940943f
SHA1: 9ec668be5e1027f092307225847d01f345eeb85e
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
fritzfry is offline  
Old 04-07-2007, 11:50 AM   #16 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "wdynoric.exe", received in VirusTotal at 04.07.2007, 19:37:24 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Small.DBY.AQ
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 Win32:Zhelatin-MS
AVG 7.5.0.447 04.07.2007 Downloader.Tibs.4.M
BitDefender 7.2 04.07.2007 GenPack:Trojan.Downloader.Small.AAU
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.bq
ClamAV devel-20070312 04.07.2007 Trojan.Small-1465
DrWeb 4.33 04.07.2007 Trojan.Packed.57
eSafe 7.0.15.0 04.07.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3549 04.06.2007 Win32/Tibs!generic
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Tibs.LD@mm
F-Prot 4.3.1.45 04.04.2007 W32/Downloader-Sml-based!Maximus
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.bq
Ikarus T3.1.1.3 04.07.2007 Email-Worm.Win32.Zhelatin.bq
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.bq
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.gen
NOD32v2 2172 04.07.2007 Win32/Nuwar.gen
Norman 5.80.02 04.05.2007 W32/Tibs.gen64
Panda 9.0.0.4 04.07.2007 Trj/Gagar.DK
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.07.2007 Trojan.Packed.13
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 OScope.Worm.UK.Nuwar
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac.75
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Small.DBY.AQ


Additional Information
File size: 6845 bytes
MD5: 19d1e6759c5b72e952daabe659646628
SHA1: 79419c8e50e745e1d55d1028543c9544fb1ff293
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
fritzfry is offline  
Old 04-07-2007, 12:04 PM   #17 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "hjsdioda.exe", received in VirusTotal at 04.07.2007, 19:51:03 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Small.DBY.BC
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 Win32:Zhelatin-CG
AVG 7.5.0.447 04.07.2007 Downloader.Tibs
BitDefender 7.2 04.07.2007 GenPack:Trojan.Downloader.Small.AAU
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.az
ClamAV devel-20070312 04.07.2007 Trojan.Small-1348
DrWeb 4.33 04.07.2007 Trojan.Packed.44
eSafe 7.0.15.0 04.07.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3549 04.06.2007 Win32/Tibs!generic
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Tibs.KT@mm
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.az
Ikarus T3.1.1.3 04.07.2007 Email-Worm.Win32.Zhelatin.az
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.az
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.gen
NOD32v2 2172 04.07.2007 Win32/TrojanDownloader.Small.AVT
Norman 5.80.02 04.05.2007 W32/Tibs.gen47
Panda 9.0.0.4 04.07.2007 no virus found
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.07.2007 Trojan.Packed.13
TheHacker 6.1.6.085 04.04.2007 W32/Zhelatin.gen
VBA32 3.11.3 04.06.2007 OScope.Worm.UK.Nuwar
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac60
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Small.DBY.BC


Additional Information
File size: 6735 bytes
MD5: 102fbd6c131433a635bbcb6f6050b829
SHA1: 880d35700f80bc65fcf5da145b16657c6d8793d0
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
fritzfry is offline  
Old 04-07-2007, 12:24 PM   #18 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "windev-b11-743f.sys", received in VirusTotal at 04.07.2007, 20:05:19 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 no virus found
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 no virus found
BitDefender 7.2 04.07.2007 no virus found
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.07.2007 no virus found
DrWeb 4.33 04.07.2007 no virus found
eSafe 7.0.15.0 04.07.2007 no virus found
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 Not-A-Virus.SpamTool.Win32.Agent.af
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 no virus found
F-Prot 4.3.1.45 04.04.2007 W32/Dropper.gen6
F-Secure 6.70.13030.0 04.07.2007 SpamTool.Win32.Agent.af
Ikarus T3.1.1.3 04.07.2007 SpamTool.Win32.Agent.af
Kaspersky 4.0.2.24 04.07.2007 SpamTool.Win32.Agent.af
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 no virus found
NOD32v2 2172 04.07.2007 Win32/Fuclip.T
Norman 5.80.02 04.05.2007 no virus found
Panda 9.0.0.4 04.07.2007 no virus found
Prevx1 V2 04.07.2007 Polynomial.Code.Exploit
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.07.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 no virus found
VirusBuster 4.3.7:9 04.07.2007 no virus found
Webwasher-Gateway 6.0.1 04.07.2007 Riskware.Spam.Agent.AF.1


Additional Information
File size: 133760 bytes
MD5: c564fd90b4659cfad415054cac01e205
SHA1: a3b636bbbe7c8e1fa91aef2cab03eec6ccf00f23
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=556987073686
fritzfry is offline  
Old 04-07-2007, 12:40 PM   #19 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "pufoycnh.exe", received in VirusTotal at 04.07.2007, 20:25:04 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 Win32/Zhelatin.worm.6421.C
AntiVir 7.3.1.48 04.07.2007 Worm/Zhelatin.AH.3
Authentium 4.93.8 04.06.2007 W32/EmailWorm.EKL
Avast 4.7.936.0 04.06.2007 Win32:Zhelatin-ME
AVG 7.5.0.447 04.07.2007 Downloader.Tibs
BitDefender 7.2 04.07.2007 MemScan:Trojan.Downloader.Small.AAU
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.ah
ClamAV devel-20070312 04.07.2007 no virus found
DrWeb 4.33 04.07.2007 Trojan.Packed.29
eSafe 7.0.15.0 04.07.2007 Win32.Zhelatin.ah
eTrust-Vet 30.7.3549 04.06.2007 Win32/Tibs!generic
Ewido 4.0 04.07.2007 Worm.Zhelatin.ah
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Tibs.AH@mm
F-Prot 4.3.1.45 04.04.2007 W32/EmailWorm.EKL
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.ah
Ikarus T3.1.1.3 04.07.2007 Email-Worm.Win32.Zhelatin.ah
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.ah
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.gen
NOD32v2 2172 04.07.2007 Win32/Nuwar.gen
Norman 5.80.02 04.05.2007 W32/Tibs.QBK
Panda 9.0.0.4 04.07.2007 Trj/Alanchum.SG
Prevx1 V2 04.07.2007 Dropper.Payload
Sophos 4.16.0 04.06.2007 Mal/EncPk-D
Sunbelt 2.2.907.0 04.07.2007 VIPRE.Suspicious
Symantec 10 04.07.2007 Trojan.Packed.13
TheHacker 6.1.6.085 04.04.2007 W32/Zhelatin.ah
VBA32 3.11.3 04.06.2007 OScope.Worm.UK.Nuwar
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac44
Webwasher-Gateway 6.0.1 04.07.2007 Worm.Zhelatin.AH.3


Additional Information
File size: 6421 bytes
MD5: b3a2d6e6877aaad53986a36a026e8030
SHA1: ca4b1ff9159897c47db7c53330c905931f3f0849
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=e8bf78317774
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
fritzfry is offline  
Old 04-07-2007, 01:17 PM   #20 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 44
OS: XP


Re: "trusted e-mail program"?? = adirka.exe

STATUS: FINISHED
Complete scanning result of "nfopolgz.exe", received in VirusTotal at 04.07.2007, 20:40:56 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Crypt.ULPM.Gen
Authentium 4.93.8 04.06.2007 no virus found
Avast 4.7.936.0 04.06.2007 Win32:Zhelatin-AB
AVG 7.5.0.447 04.07.2007 Downloader.Tibs
BitDefender 7.2 04.07.2007 Trojan.Peed.Gen
CAT-QuickHeal 9.00 04.06.2007 I-Worm.Zhelatine.i
ClamAV devel-20070312 04.07.2007 Trojan.Small-1029
DrWeb 4.33 04.07.2007 Trojan.Packed.7
eSafe 7.0.15.0 04.07.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Tibs.gen
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.07.2007 Email-Worm.Win32.Zhelatin.i
Ikarus T3.1.1.3 04.07.2007 Email-Worm.Win32.Zhelatin.n
Kaspersky 4.0.2.24 04.07.2007 Email-Worm.Win32.Zhelatin.i
McAfee 5003 04.06.2007 no virus found
Microsoft 1.2405 04.07.2007 Worm:Win32/Nuwar.gen
NOD32v2 2172 04.07.2007 Win32/Nuwar.gen
Norman 5.80.02 04.05.2007 W32/Tibs.gen27
Panda 9.0.0.4 04.07.2007 Trj/Alanchum.QH
Prevx1 V2 04.07.2007 Polynomial.Code.Exploit
Sophos 4.16.0 04.06.2007 Mal/EncPk-F
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.07.2007 Trojan.Packed.8
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 OScope.Worm.UK.Nuwar
VirusBuster 4.3.7:9 04.07.2007 Trojan.Tibs.Gen!Pac32
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Crypt.ULPM.Gen


Additional Information
File size: 6034 bytes
MD5: 662cfa81b56d2a8fc223fe20518a743b
SHA1: cc6d44ff4ebb54952850064fe6e3024758927199
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=170475060575
fritzfry is offline  
 


Copyright 2001 - 2009, Tech Support Forum