tbones454

Everything posted by tbones454

  1. Sorry about the delay, everything is working perfectly. Thanks for your help!
  2. Log of scan:

     KASPERSKY ONLINE SCANNER REPORT
     Sunday, December 02, 2007 12:01:17 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 2/12/2007
     Kaspersky Anti-Virus database records: 470147

     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - My Computer: C:\ D:\

     Scan Statistics:
     Total number of scanned objects: 45776
     Number of viruses found: 11
     Number of infected objects: 56
     Number of suspicious objects: 0
     Duration of the scan process: 13:24:53

     Scan process completed.

     Log of HJT:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:02:12 PM, on 12/2/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16544)
     Boot mode: Normal
  3. Dear Noahdfear here are the logs. How did you know C:\Windows\System32\ivvdkbub.exe file was infected? Thanks a million. Combo Fix Log: ComboFix 07-11-19.4C - TEA 2007-12-01 19:41:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.322 [GMT -6:00] Running from: C:\Documents and Settings\TEA\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\TEA\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\aqqgqxvp.dll C:\WINDOWS\system32\cbxyxww.dll C:\WINDOWS\system32\cwbcjtko.ini C:\WINDOWS\system32\efhkj.ini2 C:\WINDOWS\system32\ivdpkbub.exe C:\WINDOWS\system32\oktjcbwc.dll C:\WINDOWS\system32\ppqss.ini C:\WINDOWS\system32\ppqss.ini2 C:\WINDOWS\system32\qttss.ini2 C:\WINDOWS\system32\rrqss.ini2 C:\WINDOWS\system32\ssqpp.dll C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\vjjgvwln.dll C:\WINDOWS\system32\vlvmdkeg.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\TEA\Desktop\Live Safety Center.lnk C:\Documents and Settings\TEA\Desktop\Online Security Guide.lnk C:\Documents and Settings\TEA\Favorites\Online Security Guide.lnk C:\Program Files\QdrDrive C:\Program Files\QdrDrive\qdrloader.exe C:\WINDOWS\system32\aqqgqxvp.dll C:\WINDOWS\system32\cbxyxww.dll C:\WINDOWS\system32\cwbcjtko.ini C:\WINDOWS\system32\efhkj.ini2 C:\WINDOWS\system32\ivdpkbub.exe C:\WINDOWS\system32\oktjcbwc.dll C:\WINDOWS\system32\ppqss.ini C:\WINDOWS\system32\ppqss.ini2 C:\WINDOWS\system32\qttss.ini2 C:\WINDOWS\system32\rrqss.ini2 C:\WINDOWS\system32\ssqpp.dll C:\WINDOWS\system32\tmp.reg C:\WINDOWS\system32\vjjgvwln.dll C:\WINDOWS\system32\vjjgvwln.dllbox C:\WINDOWS\system32\vlvmdkeg.dll . ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 
2007-11-19 21:10 <DIR> d-------- C:\Program Files\Adware Away 2007-11-18 22:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-18 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor 2007-11-18 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\PC Tools 2007-11-18 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-11-18 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-11-18 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-11-18 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-11-18 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-11-18 16:14 <DIR> d-------- C:\WINDOWS\SendTo 2007-11-18 16:14 69,632 --a------ C:\WINDOWS\system32\system.mdw 2007-11-18 16:12 <DIR> d-------- C:\WINDOWS\forms 2007-11-18 16:12 <DIR> d-------- C:\Program Files\Windows Messaging 2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\HP 2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP 2007-11-17 17:59 <DIR> d-------- C:\Program Files\Common Files\HP 2007-11-17 17:57 <DIR> d-------- C:\Program Files\Hewlett-Packard 2007-11-17 17:57 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-11-17 17:52 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys 2007-11-17 17:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2007-11-17 17:51 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll 2007-11-17 17:51 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll 2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys 2007-11-17 17:47 <DIR> d-------- C:\Program Files\HP 2007-11-17 17:47 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-11-17 17:47 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-11-17 17:47 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-11-17 17:47 94,208 --a------ 
C:\WINDOWS\system32\HPZipt12.dll 2007-11-17 17:47 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-11-17 17:47 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-11-17 17:47 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-11-17 17:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2007-11-17 17:46 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys 2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2007-11-17 17:45 118,642 --a------ C:\WINDOWS\hpoins09.dat 2007-11-17 17:40 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-11-17 00:29 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys 2007-11-17 00:29 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe 2007-11-17 00:29 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll 2007-11-17 00:27 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-17 00:19 23,040 --------- C:\WINDOWS\kb913800.exe 2007-11-17 00:18 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll 2007-11-17 00:16 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll 2007-11-17 00:01 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-17 00:01 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-17 00:01 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-17 00:01 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-17 00:01 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-17 00:01 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-17 00:01 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield 2007-11-16 23:44 <DIR> d--h----- 
C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek 2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI 2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\InstallShield 2007-11-16 23:44 <DIR> d--h----- C:\Documents and Settings\TEA\Application Data\Gtek 2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\ATI 2007-11-16 23:22 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Template 2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Sonic 2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Leadertech 2007-11-16 23:03 140 --a------ C:\Documents and Settings\TEA\Application Data\wklnhst.dat 2007-11-02 09:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI 2007-11-02 09:12 <DIR> d-------- C:\Program Files\CyberLink 2007-11-02 09:12 <DIR> d-------- C:\MDT 2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell 2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2007-11-02 09:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll 2007-11-02 09:12 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll 2007-11-02 09:11 <DIR> d-------- C:\Program Files\Dell Support 2007-11-02 09:11 <DIR> d-------- C:\Program Files\Common Files\Adobe 2007-11-02 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek 2007-11-02 09:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\GTek 2007-11-02 09:11 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx 2007-11-02 09:11 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF 2007-11-02 09:09 <DIR> d-------- C:\Program Files\Microsoft Works 2007-11-02 09:09 <DIR> d-------- C:\Program Files\illiminable 2007-11-02 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO 2007-11-02 09:08 <DIR> d-------- 
C:\Program Files\Google 2007-11-02 09:08 <DIR> d-------- C:\Program Files\BAE 2007-11-02 09:08 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat 2007-11-02 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\system32\dla 2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\occache 2007-11-02 09:06 <DIR> d-------- C:\Program Files\Viewpoint 2007-11-02 09:06 <DIR> d-------- C:\Program Files\Real 2007-11-02 09:06 <DIR> d-------- C:\Program Files\QuickTime 2007-11-02 09:06 <DIR> d-------- C:\Program Files\Learn2.com 2007-11-02 09:06 <DIR> d-------- C:\Program Files\Common Files\Real 2007-11-02 09:06 <DIR> d-------- C:\Program Files\Common Files\Nullsoft 2007-11-02 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-11-02 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime 2007-11-02 09:06 1,496,576 --a------ C:\WINDOWS\system32\shdocvw.bak 2007-11-02 09:06 98,358 --a------ C:\WINDOWS\dla.exe 2007-11-02 09:06 87,488 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys 2007-11-02 09:06 86,016 --a------ C:\WINDOWS\unvise32qt.exe 2007-11-02 09:06 61,498 --a------ C:\WINDOWS\system32\tfswapi.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 17:35] "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50] "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-02 09:06] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-02 08:59:42] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22] Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11] Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles 
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 07:21 155648] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] \Shell\AutoRun\command - E:\setup.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-01 19:48:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-01 19:49:24 - machine was rebooted C:\ComboFix2.txt ... 2007-12-01 10:12 C:\ComboFix3.txt ... 2007-11-28 21:27 . 
--- E O F ---

Log of HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:44 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\TEA\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4683 bytes
  4. Noahdfear, Thanks for helping, I downloaded HJT & ComboFix. Here is the log from ComboFix

ComboFix 07-11-19.4C - TEA 2007-12-01 10:03:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.286 [GMT -6:00]
Running from: C:\Documents and Settings\TEA\Desktop\ComboFix.exe
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\TEA\Favorites\Online Security Guide.lnk
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack9.exe
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\vjjgvwln.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-12-01 09:59 6,701 --ahs---- C:\WINDOWS\system32\ppqss.ini
2007-12-01 09:59 6,599 --ahs---- C:\WINDOWS\system32\ppqss.ini2
2007-11-29 22:02 1,822 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 19:12 6,766 --ahs---- C:\WINDOWS\system32\efhkj.ini2
2007-11-19 21:10 <DIR> d-------- C:\Program Files\Adware Away
2007-11-19 20:34 686,792 ---hs---- C:\WINDOWS\system32\cwbcjtko.ini
2007-11-19 20:34 85,056 --a------ C:\WINDOWS\system32\oktjcbwc.dll
2007-11-19 20:34 83,008 --a------ C:\WINDOWS\system32\aqqgqxvp.dll
2007-11-19 20:29 145,984 --a------ C:\WINDOWS\system32\vlvmdkeg.dll
2007-11-19 20:29 145,984 --a------ C:\WINDOWS\system32\vjjgvwln.dll
2007-11-19 20:29 71,232 --a------ C:\WINDOWS\system32\ivdpkbub.exe
2007-11-18 22:38 435,978 --ahs---- C:\WINDOWS\system32\qttss.ini2
2007-11-18 22:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-18 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-18 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\PC Tools
2007-11-18 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-18 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-18 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-18 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-18 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-18 16:32 <DIR> d-------- C:\Program Files\QdrDrive
2007-11-18 16:31 36,352 --a------ C:\WINDOWS\system32\cbxyxww.dll
2007-11-18 16:14 <DIR> d-------- C:\WINDOWS\SendTo
2007-11-18 16:14 69,632 --a------ C:\WINDOWS\system32\system.mdw
2007-11-18 16:12 <DIR> d-------- C:\WINDOWS\forms
2007-11-18 16:12 <DIR> d-------- C:\Program Files\Windows Messaging
2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\HP
2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-11-17 17:59 <DIR> d-------- C:\Program Files\Common Files\HP
2007-11-17 17:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-17 17:57 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-11-17 17:52 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-11-17 17:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-11-17 17:51 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-11-17 17:51 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-17 17:47 <DIR> d-------- C:\Program Files\HP
2007-11-17 17:47 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-17 17:47 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-11-17 17:47 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-11-17 17:47 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-11-17 17:47 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-11-17 17:47 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-11-17 17:47 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-11-17 17:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-17 17:46 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-17 17:45 118,642 --a------ C:\WINDOWS\hpoins09.dat
2007-11-17 17:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-17 00:29 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-17 00:29 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-17 00:29 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-17 00:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-17 00:19 23,040 --------- C:\WINDOWS\kb913800.exe
2007-11-17 00:18 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-11-17 00:16 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll
2007-11-17 00:01 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-17 00:01 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-17 00:01 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-17 00:01 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-17 00:01 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-17 00:01 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-17 00:01 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2007-11-16 23:44 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek
2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\InstallShield
2007-11-16 23:44 <DIR> d--h----- C:\Documents and Settings\TEA\Application Data\Gtek
2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\ATI
2007-11-16 23:22 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Template
2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Sonic
2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Leadertech
2007-11-16 23:03 140 --a------ C:\Documents and Settings\TEA\Application Data\wklnhst.dat
2007-11-02 09:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2007-11-02 09:12 <DIR> d-------- C:\Program Files\CyberLink
2007-11-02 09:12 <DIR> d-------- C:\MDT
2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-02 09:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-11-02 09:12 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-11-02 09:11 <DIR> d-------- C:\Program Files\Dell Support
2007-11-02 09:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-02 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek
2007-11-02 09:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\GTek
2007-11-02 09:11 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx
2007-11-02 09:11 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2007-11-02 09:09 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-02 09:09 <DIR> d-------- C:\Program Files\illiminable
2007-11-02 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2007-11-02 09:09 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-11-02 09:09 114,856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-02 09:08 <DIR> d-------- C:\Program Files\Google
2007-11-02 09:08 <DIR> d-------- C:\Program Files\BAE
2007-11-02 09:08 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat
2007-11-02 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\system32\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 15:59 324,192 ----a-w C:\WINDOWS\system32\ssqpp.dll
2007-11-24 03:23 6,879 --sha-w C:\WINDOWS\system32\rrqss.ini2
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F50443C-4B05-49AB-B911-C7E52542D94B}]
2007-12-01 09:59 324192 --a------ C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-19 20:29 145984 --a------ C:\WINDOWS\system32\vjjgvwln.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-18 16:31 36352 --a------ C:\WINDOWS\system32\cbxyxww.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vjjgvwln.dll [2007-11-19 20:29 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 17:35]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-02 09:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-02 08:59:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 07:21 155648]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\cbxyxww.dll [2007-11-18 16:31 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyxww]
cbxyxww.dll 2007-11-18 16:31 36352 C:\WINDOWS\system32\cbxyxww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vjjgvwln]
vjjgvwln.dll 2007-11-19 20:29 145984 C:\WINDOWS\system32\vjjgvwln.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 10:10:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-01 10:12:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 21:27
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:17 AM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\TEA\Desktop\HijackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vjjgvwln.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 4735 bytes
  5. Have gotten "Internet Speed Monitor" side bar on Internet Explorer. Have downloaded most recent updates, ran ComboFix & HijackThis.

hijackthis.log
ComboFix.txt