benko77

  1. SDFix: Version 1.119 Run by Benko on Čet 27.12.2007 at 23:02 Microsoft Windows XP [Version 5.1.2600]
  2. No problem. I am very grateful for your help. It seems that the main part was taken care of as I haven't had any new popups from the last fix. And Merry Christmas and Happy Holidays! Best wishes to you and your family. ComboFix 07-12-21.4 - Benko 2007-12-25 9:32:53.4 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.248 [GMT 1:00]
  3. ComboFix 07-12-21.4 - Benko 2007-12-24 6:00:18.3 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.191 [GMT 1:00]
  4. Have run combofix.exe BTW: Don't know if this is important, but had to restart the computer after I ran combofix, because I haven't had any internet connection. The combofix log file: ComboFix 07-12-21.4 - Benko 2007-12-23 20:36:27.2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.330 [GMT 1:00]
Completion time: 2007-12-23 20:41:48 C:\ComboFix2.txt ... 2007-12-23 10:02 . 2007-12-22 02:02:11 --- E O F ---
  5. Sorry

Scan saved at 18:55:22, on 23.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.f1time.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Benko\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.70:3124
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EB470E4-8B99-4394-849D-D9214C954A6A} - C:\WINDOWS\System32\ilnn.dll (file missing)
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - G:\Program\FlipAlbum 5 Suite\FpLaunch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\bvnkzlzy.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ICQ Lite] D:\Programs\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [Ad-Watch] D:\Programs\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = D:\MS Office 2000\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\BetwayMPP\MPPoker.exe
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programs\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Programs\CDPoker\casino.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programs\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132852199033
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.sportna-loterija.si/eigre/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://betway.microgaming.com/betway/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D4648AB-6AD3-4628-B70A-A28FC02C6017}: NameServer = 213.161.0.10,213.161.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDF31E72-6969-47AC-9A54-758259B32731}: NameServer = 213.161.0.10,213.161.0.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB63D942-4493-4450-B3F5-00189A659270}: NameServer = 213.161.0.10,213.161.0.20
O20 - Winlogon Notify: bvnkzlzy - C:\WINDOWS\SYSTEM32\bvnkzlzy.dll
O20 - Winlogon Notify: hggdaya - hggdaya.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programs\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8149 bytes
  6. Thanks for the reply. Here is the log file. Log.23.12.txt
  7. Just found another thread with the same problem: http://www.lavasoftsupport.com/index.php?showtopic=14852
  8. I didn't download and install Storage Protector, but I've got the messages only and some bugs, and I have 2 icons on the desktop: Windows Update and Help and Support Center. Ad-Aware 2007 did not find it. Any advice how to fix this?