winantispyware - ana[INACTIVE]

ana

By ana,
in Malware Removal

 Share Followers 0

Recommended Posts

ana

ana

Posted
Posted

I've been having the same problem with WinAntiSpyWare2007FreeInstall.exe.

I downloaded Combofix, ran it and rebooted.

Here is my log. Please advise.

Thanks

ComboFix 07-08-17.2 - "Ana Pittell" 2007-08-19 19:53:05.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT -7:00]

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ANAPIT~1.\us0004.exe

C:\DOCUME~1\ANAPIT~1.\wn0004.exe

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\U5JS85G7\www.broadcaster.com

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\U5JS85G7\www.broadcaster.com\played_list.sol

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\U5JS85G7\www.broadcaster.com\video_queue.sol

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\searchtoolbarcorp

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt

C:\DOCUME~1\ANAPIT~1\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt

C:\DOCUME~1\ANAPIT~1\APPLIC~1\install.dat

C:\DOCUME~1\ANAPIT~1\STARTM~1\Programs\Startup.\TA_Start.lnk

C:\DOCUME~1\Kevin\APPLIC~1\install.dat

C:\Program Files\Common Files\Yazzle1281OinAdmin.exe

C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe

C:\Program Files\Common Files\Yazzle1549OinAdmin.exe

C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe

C:\Program Files\Common Files\ystem3~1

C:\Program Files\Common Files\ystem3~1\?ystem32\

C:\Program Files\Common Files\ystem3~1\tracert.exe

C:\Program Files\poolsv

C:\Program Files\poolsv\k11u72.exe

C:\Program Files\poolsv\svhost.exe

C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe

C:\Program Files\poolsv\wr-1-0000077.exe

C:\Program Files\poolsv\YazzleBundle-1549.exe

C:\Program Files\svhost

C:\Program Files\svhost\wr-1-0000077.exe

C:\tempb9

C:\tempb9\tmpTF.log

C:\WINDOWS\DOWNLO~1\USYP_0002_N91M1708NetInstaller.exe

C:\WINDOWS\DOWNLO~1\UWA6P_0001_N91M1807NetInstaller.exe

C:\WINDOWS\poolsv.exe

C:\WINDOWS\retadpu77.exe

C:\WINDOWS\svhost.exe

C:\WINDOWS\system32\acenphwv.ini

C:\WINDOWS\system32\akuktmwu.dll

C:\WINDOWS\system32\aucgrnjf.ini

C:\WINDOWS\system32\awfnrpcf.exe

C:\WINDOWS\system32\aydpdwwe.exe

C:\WINDOWS\system32\ayessumv.dll

C:\WINDOWS\system32\bbdbxhwi.dll

C:\WINDOWS\system32\behxqmru.dll

C:\WINDOWS\system32\bejjrihh.exe

C:\WINDOWS\system32\bfeelmgv.dll

C:\WINDOWS\system32\bggffrkn.dll

C:\WINDOWS\system32\biwbihkv.dll

C:\WINDOWS\system32\bllbyivf.dll

C:\WINDOWS\system32\bmevnvys.dll

C:\WINDOWS\system32\bmslgsts.dll

C:\WINDOWS\system32\boyykiut.dll

C:\WINDOWS\system32\buucwtii.exe

C:\WINDOWS\system32\cehasutl.exe

C:\WINDOWS\system32\cgpcqvdm.dll

C:\WINDOWS\system32\cgpdcxfc.dll

C:\WINDOWS\system32\cjmbllei.dll

C:\WINDOWS\system32\cksheboe.dll

C:\WINDOWS\system32\cuctyytq.dll

C:\WINDOWS\system32\cvjwkbcn.exe

C:\WINDOWS\system32\cvqxsghj.dll

C:\WINDOWS\system32\cvsenfsr.dll

C:\WINDOWS\system32\cxriwrxp.dll

C:\WINDOWS\system32\cxyjylgi.dll

C:\WINDOWS\system32\dkleayud.ini

C:\WINDOWS\system32\dkwjbbun.dll

C:\WINDOWS\system32\drivers\dp.sys

C:\WINDOWS\system32\dtnhkvxg.exe

C:\WINDOWS\system32\duyaelkd.dll

C:\WINDOWS\system32\dwdsregt.exe

C:\WINDOWS\system32\dwospvbb.dll

C:\WINDOWS\system32\dxdvgfys.dll

C:\WINDOWS\system32\efcyyvs.dll

C:\WINDOWS\system32\ejlwkiqh.dll

C:\WINDOWS\system32\elehegdr.dll

C:\WINDOWS\system32\emmonkps.dll

C:\WINDOWS\system32\essjrhuf.dll

C:\WINDOWS\system32\etvvkttk.exe

C:\WINDOWS\system32\eudeyeaj.dll

C:\WINDOWS\system32\evhqaiii.dll

C:\WINDOWS\system32\fdnscppd.dll

C:\WINDOWS\system32\fgcvhxfg.dll

C:\WINDOWS\system32\fgunaywb.exe

C:\WINDOWS\system32\fhtqkpsr.dll

C:\WINDOWS\system32\fjnrgcua.dll

C:\WINDOWS\system32\gcvncxcw.dll

C:\WINDOWS\system32\gerraqtb.exe

C:\WINDOWS\system32\getufjov.exe

C:\WINDOWS\system32\gfiriutu.dll

C:\WINDOWS\system32\ggxqdosp.exe

C:\WINDOWS\system32\gjmklais.exe

C:\WINDOWS\system32\gkarwgbn.dll

C:\WINDOWS\system32\glcrabig.exe

C:\WINDOWS\system32\gmfrlqro.dll

C:\WINDOWS\system32\gosdvwio.dll

C:\WINDOWS\system32\gpqmvvyb.dll

C:\WINDOWS\system32\grfxssuf.exe

C:\WINDOWS\system32\griaviex.exe

C:\WINDOWS\system32\gtqdxkns.dll

C:\WINDOWS\system32\gutougwd.exe

C:\WINDOWS\system32\gvmcfphx.dll

C:\WINDOWS\system32\gwephdhy.dll

C:\WINDOWS\system32\hacnwcyu.dll

C:\WINDOWS\system32\hbtvsjgj.exe

C:\WINDOWS\system32\hcnucfqt.dll

C:\WINDOWS\system32\hfsuplrj.dll

C:\WINDOWS\system32\hhahekwn.dll

C:\WINDOWS\system32\hlgdtukb.dll

C:\WINDOWS\system32\hlolgucs.exe

C:\WINDOWS\system32\homuaiga.dll

C:\WINDOWS\system32\hpburdcm.exe

C:\WINDOWS\system32\hqikwlje.ini

C:\WINDOWS\system32\hriayfsx.dll

C:\WINDOWS\system32\hthomsdq.dll

C:\WINDOWS\system32\huuvlqsf.exe

C:\WINDOWS\system32\huwfvexj.dll

C:\WINDOWS\system32\hvtsyykr.dll

C:\WINDOWS\system32\hxxhyfjs.dll

C:\WINDOWS\system32\iacaolna.exe

C:\WINDOWS\system32\idccqbcb.dll

C:\WINDOWS\system32\idlchgbm.dll

C:\WINDOWS\system32\iemflenu.exe

C:\WINDOWS\system32\ifiqraqq.ini

C:\WINDOWS\system32\iklsmmmu.dll

C:\WINDOWS\system32\ipbgaurh.dll

C:\WINDOWS\system32\iryhmgcd.exe

C:\WINDOWS\system32\iveqccgt.exe

C:\WINDOWS\system32\ivsshwwk.exe

C:\WINDOWS\system32\ixbxsllp.exe

C:\WINDOWS\system32\iykdvvco.dll

C:\WINDOWS\system32\jdxoqnif.exe

C:\WINDOWS\system32\jgaejgfn.ini

C:\WINDOWS\system32\jkpbnhlr.exe

C:\WINDOWS\system32\jkvvsxno.dll

C:\WINDOWS\system32\jmkitawl.exe

C:\WINDOWS\system32\jpckyqcp.dll

C:\WINDOWS\system32\jqqxaeag.dll

C:\WINDOWS\system32\jtgwnmup.exe

C:\WINDOWS\system32\kahscxgm.exe

C:\WINDOWS\system32\kcefjihq.ini

C:\WINDOWS\system32\kemskxsy.dll

C:\WINDOWS\system32\kenriboi.exe

C:\WINDOWS\system32\kfbpneah.exe

C:\WINDOWS\system32\kgjqquyp.exe

C:\WINDOWS\system32\kucyphse.exe

C:\WINDOWS\system32\kyivogro.exe

C:\WINDOWS\system32\lgrcfadw.exe

C:\WINDOWS\system32\lhjrqpjl.ini

C:\WINDOWS\system32\ljpqrjhl.dll

C:\WINDOWS\system32\lktomsbw.ini

C:\WINDOWS\system32\lnuumhqb.dll

C:\WINDOWS\system32\lnvctyvj.dll

C:\WINDOWS\system32\lowmlpwo.exe

C:\WINDOWS\system32\lvbmpsus.dll

C:\WINDOWS\system32\lycwtgab.exe

C:\WINDOWS\system32\mcxgrtmx.dll

C:\WINDOWS\system32\mdjdjili.exe

C:\WINDOWS\system32\mdvqcpgc.ini

C:\WINDOWS\system32\meysamep.dll

C:\WINDOWS\system32\mglkcvjv.dll

C:\WINDOWS\system32\mjwfxpxq.dll

C:\WINDOWS\system32\mlwofdnd.dll

C:\WINDOWS\system32\msgqweat.dll

C:\WINDOWS\system32\msnav32.ax

C:\WINDOWS\system32\mwbwgpjn.dll

C:\WINDOWS\system32\mwfbnena.dll

C:\WINDOWS\system32\myjofuoq.dll

C:\WINDOWS\system32\nadfkbag.dll

C:\WINDOWS\system32\nddilyev.dll

C:\WINDOWS\system32\ndrgdnvl.exe

C:\WINDOWS\system32\nesjrsxx.dll

C:\WINDOWS\system32\nevscrxn.dll

C:\WINDOWS\system32\nfgjeagj.dll

C:\WINDOWS\system32\nibytoql.exe

C:\WINDOWS\system32\njamouys.dll

C:\WINDOWS\system32\nkekfxqw.dll

C:\WINDOWS\system32\nndsregr.exe

C:\WINDOWS\system32\nqdsregl.exe

C:\WINDOWS\system32\nrktqgic.dll

C:\WINDOWS\system32\nsxbfjmw.dll

C:\WINDOWS\system32\ntoskrnl.dll

C:\WINDOWS\system32\ntsystem.exe

C:\WINDOWS\system32\nvisjnoq.exe

C:\WINDOWS\system32\nyhidhyq.ini

C:\WINDOWS\system32\oaytyetn.exe

C:\WINDOWS\system32\odaatpea.dll

C:\WINDOWS\system32\oeouhurh.dll

C:\WINDOWS\system32\oglxorsd.dll

C:\WINDOWS\system32\oiqniptm.dll

C:\WINDOWS\system32\oiwvdsog.ini

C:\WINDOWS\system32\ojkqctag.dll

C:\WINDOWS\system32\okejbrrf.dll

C:\WINDOWS\system32\onwhyfmt.dll

C:\WINDOWS\system32\oqnamfcu.dll

C:\WINDOWS\system32\orqlrfmg.ini

C:\WINDOWS\system32\otugbaqh.exe

C:\WINDOWS\system32\paeojecy.dll

C:\WINDOWS\system32\pdtofpbs.dll

C:\WINDOWS\system32\pkjtyjjy.exe

C:\WINDOWS\system32\pkvwfxgd.dll

C:\WINDOWS\system32\ppoyohrt.dll

C:\WINDOWS\system32\pprnbwjk.exe

C:\WINDOWS\system32\pvhgvhgs.dll

C:\WINDOWS\system32\qciykuhn.dll

C:\WINDOWS\system32\qdoffpdv.exe

C:\WINDOWS\system32\qhijfeck.dll

C:\WINDOWS\system32\qlicpcrr.dll

C:\WINDOWS\system32\qomkkli.dll

C:\WINDOWS\system32\qotpagef.exe

C:\WINDOWS\system32\qpqteinu.exe

C:\WINDOWS\system32\qqarqifi.dll

C:\WINDOWS\system32\qtbbwetl.dll

C:\WINDOWS\system32\qwfbecsq.exe

C:\WINDOWS\system32\qwjyfxuu.dll

C:\WINDOWS\system32\qyhdihyn.dll

C:\WINDOWS\system32\qysspigl.dll

C:\WINDOWS\system32\rallpfnp.exe

C:\WINDOWS\system32\raxbrxbl.dll

C:\WINDOWS\system32\rjjrbnov.dll

C:\WINDOWS\system32\rqrpopp.dll

C:\WINDOWS\system32\rqtwovxc.exe

C:\WINDOWS\system32\rqumniwq.dll

C:\WINDOWS\system32\rrcpcilq.ini

C:\WINDOWS\system32\rttlieuk.exe

C:\WINDOWS\system32\rxaptshh.exe

C:\WINDOWS\system32\rxwytmwg.dll

C:\WINDOWS\system32\rycnoyhp.exe

C:\WINDOWS\system32\rydfhiix.dll

C:\WINDOWS\system32\ryoqhuub.exe

C:\WINDOWS\system32\samlechj.dll

C:\WINDOWS\system32\scpqgari.dll

C:\WINDOWS\system32\sduhkrwu.dll

C:\WINDOWS\system32\shpjarbo.dll

C:\WINDOWS\system32\sibefjyd.exe

C:\WINDOWS\system32\speqljlh.exe

C:\WINDOWS\system32\srllumfg.dll

C:\WINDOWS\system32\sttxpqff.dll

C:\WINDOWS\system32\svqidone.exe

C:\WINDOWS\system32\sxgltakf.dll

C:\WINDOWS\system32\T3

C:\WINDOWS\system32\T3\am67.exe

C:\WINDOWS\system32\T4

C:\WINDOWS\system32\T4\amst5.exe

C:\WINDOWS\system32\T6

C:\WINDOWS\system32\T6\amwr.exe

C:\WINDOWS\system32\T7

C:\WINDOWS\system32\T7\icm.exe

C:\WINDOWS\system32\tbutypwo.dll

C:\WINDOWS\system32\tchtmuvk.dll

C:\WINDOWS\system32\tcojoopq.dll

C:\WINDOWS\system32\tdfcmlij.dll

C:\WINDOWS\system32\tnpaqkjw.dll

C:\WINDOWS\system32\tnyppfct.dll

C:\WINDOWS\system32\tpmqpwft.dll

C:\WINDOWS\system32\tqfcunch.ini

C:\WINDOWS\system32\trhoyopp.ini

C:\WINDOWS\system32\tsfgwmnl.dll

C:\WINDOWS\system32\tuikyyob.ini

C:\WINDOWS\system32\ufbgrvjb.dll

C:\WINDOWS\system32\uuckaydq.dll

C:\WINDOWS\system32\uvahntua.dll

C:\WINDOWS\system32\vbrsxbte.dll

C:\WINDOWS\system32\vdxholpx.exe

C:\WINDOWS\system32\vewjjiax.dll

C:\WINDOWS\system32\vfoxousf.dll

C:\WINDOWS\system32\vfvtugxx.dll

C:\WINDOWS\system32\vgfhislg.dll

C:\WINDOWS\system32\vgggwxop.dll

C:\WINDOWS\system32\vhtyymyl.dll

C:\WINDOWS\system32\visglvuq.dll

C:\WINDOWS\system32\vjvcklgm.ini

C:\WINDOWS\system32\vmjejkqv.dll

C:\WINDOWS\system32\vmsmtlsk.dll

C:\WINDOWS\system32\vqebpndy.exe

C:\WINDOWS\system32\vqoxtpiv.dll

C:\WINDOWS\system32\vsdrexnc.dll

C:\WINDOWS\system32\vtljycbi.dll

C:\WINDOWS\system32\vwhpneca.dll

C:\WINDOWS\system32\vxkrlppb.dll

C:\WINDOWS\system32\vxspctwd.dll

C:\WINDOWS\system32\vyjvwivj.exe

C:\WINDOWS\system32\vytwnhsd.dll

C:\WINDOWS\system32\wayrhogm.exe

C:\WINDOWS\system32\wbsmotkl.dll

C:\WINDOWS\system32\wepmqwxk.dll

C:\WINDOWS\system32\wgvysnar.exe

C:\WINDOWS\system32\winpfz32.sys

C:\WINDOWS\system32\wjgoeila.dll

C:\WINDOWS\system32\wjrnjybv.dll

C:\WINDOWS\system32\wkiokmhh.dll

C:\WINDOWS\system32\wqonxfng.dll

C:\WINDOWS\system32\wtbefdfe.dll

C:\WINDOWS\system32\wtukhadd.exe

C:\WINDOWS\system32\wupmbhvc.exe

C:\WINDOWS\system32\xhhurgve.exe

C:\WINDOWS\system32\xiiujhcl.dll

C:\WINDOWS\system32\xoydhnfp.exe

C:\WINDOWS\system32\xpjvqujx.dll

C:\WINDOWS\system32\xqkvejyw.exe

C:\WINDOWS\system32\xqrdxqau.exe

C:\WINDOWS\system32\xxbjstoh.exe

C:\WINDOWS\system32\xywipetm.dll

C:\WINDOWS\system32\ybdquoib.dll

C:\WINDOWS\system32\ygowfdnl.dll

C:\WINDOWS\system32\yhdhpewg.ini

C:\WINDOWS\system32\yhfxevrx.exe

C:\WINDOWS\system32\yhvpubck.exe

C:\WINDOWS\system32\yignryrw.dll

C:\WINDOWS\system32\zxdnt3d.cfg

C:\WINDOWS\wr.txt

C:\winstall.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE

-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))

2007-08-19 20:53 <DIR> d-------- C:\Program Files\VSAdd-in

2007-08-19 19:28 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-18 20:43 <DIR> d-------- C:\WINDOWS\pss

2007-08-17 15:38 92,880 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\errprotec.exe

2007-08-16 15:29 6,144 --a------ C:\WINDOWS\system32\spoolvs.exe

2007-08-16 15:29 6,144 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\findfast.exe

2007-08-16 15:29 50,847 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\spoolsv.dll

2007-08-11 20:31 <DIR> d-------- C:\Program Files\Airhogs

2007-08-03 01:07 95,696 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\sysdoctor.exe

2007-07-31 12:19 322,968 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\protector.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 20:54 --------- d-------- C:\DOCUME~1\ANAPIT~1\APPLIC~1\SearchToolbarCorp

2007-08-19 20:53 88340 --a------ C:\WINDOWS\system32\yjaseyfj.exe

2007-08-16 19:25 --------- d-------- C:\Program Files\Movie Maker

2007-08-04 12:31 122648 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\drvcleaner.exe

2007-07-25 12:29 --------- d-------- C:\Program Files\PestTrap

2007-07-24 12:53 --------- d-------- C:\DOCUME~1\ANAPIT~1\APPLIC~1\tiny

2007-07-18 23:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-18 10:27 --------- d-------- C:\DOCUME~1\ANAPIT~1\APPLIC~1\ultra

2007-07-16 14:56 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-07-14 13:26 --------- d-------- C:\Program Files\Ulead Systems

2007-07-14 13:00 192622 --a------ C:\WINDOWS\system32\swinoodt.exe

2007-07-12 16:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-07-10 12:17 87248 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\antivir.exe

2007-07-08 19:36 --------- d-------- C:\Program Files\Crazy Browser

2007-06-29 11:48 2 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\xxx.exe

2007-06-27 07:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 07:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 07:34 6058496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 07:34 52224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 07:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 07:34 459264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 07:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 07:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 07:34 383488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 07:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 07:34 267776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 07:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 07:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 07:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 07:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 07:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 07:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 07:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 07:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 07:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 01:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 01:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 01:27 13824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 00:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-22 17:09 124948 --a------ C:\WINDOWS\system32\gtceqejl.dll

2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 03:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe

2007-06-01 04:00 192622 --a------ C:\WINDOWS\system32\owinrodt.exe

2004-06-07 01:59 18432 --a------ C:\DOCUME~1\ANAPIT~1\APPLIC~1\xlibgfl254.dll

2005-11-23 01:30:03 27,661 --sha-w C:\WINDOWS\system32\ddcay.dll

2006-11-10 00:20:27 712,724 --sha-w C:\WINDOWS\system32\1025\bdva.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}]

2007-08-19 20:53 68864 --a------ C:\Program Files\VSAdd-in\VSAdd-in.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFBFE1C-226C-4B6D-B097-779C319DF912}]

2006-11-09 17:20 712724 --ahs---- C:\WINDOWS\system32\1025\bdva.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

2007-08-19 20:55 69140 --a------ C:\WINDOWS\system32\lxglxebd.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{74DD705D-6834-439C-A735-A6DBE2677452}"= C:\Program Files\VSAdd-in\VSAdd-in.dll [2007-08-19 20:53 68864]

[HKEY_CLASSES_ROOT\CLSID\{74DD705D-6834-439C-A735-A6DBE2677452}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-10-30 01:46]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-10-30 01:33]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-05-03 22:22]

"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 10:15]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 10:15]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 11:28]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-05-03 23:47]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 08:33]

"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-10-24 12:15]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-13 13:17]

"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2004-08-18 08:44]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2004-12-24 03:56]

"s75Q33W"="terfos.exe" []

"CamCheck"="C:\Program Files\NuCam\CamCheck\CamCheck.exe" [2002-11-06 17:52]

"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 18:48]

"svhost"="C:\WINDOWS\svhost.exe" []

"findfast"="C:\Documents and Settings\Ana Pittell\Application Data\findfast.exe" [2007-08-16 15:29]

"LaserJet"="C:\WINDOWS\system32\spoolvs.exe" [2007-08-16 15:29]

"svchost"="C:\Documents and Settings\Ana Pittell\Start Menu\Programs\Startup\svchost.exe" [2007-08-16 15:29]

"SystemOptimizer"="C:\WINDOWS\system32\jlhwrtlt.dll" [2007-08-19 20:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RecordNow!"="" []

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2004-08-06 16:33]

"dwu4RTaFj"="sorogmsg.exe" []

"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2004-02-25 11:48]

"MoneyAgent"="c:\Program Files\Microsoft Money\System\mnyexpr.exe" []

"SysProtect Free"="C:\Program Files\SysProtect Free\USYP.exe" []

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

"Tbsa"="C:\PROGRA~1\COMMON~1\YSTEM3~1\tracert.exe" []

"findfast"="C:\Documents and Settings\Ana Pittell\Application Data\findfast.exe" [2007-08-16 15:29]

"LaserJet"="C:\WINDOWS\system32\spoolvs.exe" [2007-08-16 15:29]

"svchost"="C:\Documents and Settings\Ana Pittell\Start Menu\Programs\Startup\svchost.exe" [2007-08-16 15:29]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

Source= C:\Documents and Settings\Ana Pittell\My Documents\My Pictures\home01.jpg

FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdva]

C:\WINDOWS\system32\1025\bdva.dll 2006-11-09 17:20 712724 C:\WINDOWS\system32\1025\bdva.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll, xlibgfl254.dll, append.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ana Pittell^Start Menu^Programs^Startup^Think-Adz.lnk]

path=C:\Documents and Settings\Ana Pittell\Start Menu\Programs\Startup\Think-Adz.lnk

backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3DBoxShot]

C:\PROGRA~1\3DBOXS~1\3DBoxShot.exe

R2 Blink2PnP;Blink2PnP;C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe

R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS

R2 DP1112;DP1112;\??\C:\WINDOWS\system32\Drivers\DP.sys

R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

S3 DCamUSBBVI;SiPix StyleCam BlinkII Dual Mode Camera;C:\WINDOWS\system32\Drivers\biomini.sys

Contents of the 'Scheduled Tasks' folder

2007-08-18 03:00:51 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Ana Pittell.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-19 20:51:49

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????8?1?1?2??????? ???B???????????????B? ??????

scanning hidden files ...

C:\WINDOWS\system32\lxglxebd.dll

C:\WINDOWS\system32\yjaseyfj.exe

C:\WINDOWS\system32\yvsactgp.exe

scan completed successfully

hidden files: 3

**************************************************************************

Completion time: 2007-08-19 21:07:41 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-08-19 21:07

--- E O F ---

Link to post
Share on other sites
jwbirdsong

jwbirdsong

Posted
Posted

Open Notepad and copy/paste the text in the quotebox below into it:

File::

C:\Documents and Settings\Ana Pittell\Start Menu\Programs\Startup\svchost.exe

C:\WINDOWS\system32\yjaseyfj.exe

C:\WINDOWS\system32\swinoodt.exe

C:\DOCUME~1\ANAPIT~1\APPLIC~1\xxx.exe

C:\DOCUME~1\ANAPIT~1\APPLIC~1\findfast.exe

C:\DOCUME~1\ANAPIT~1\APPLIC~1\spoolsv.dll

C:\DOCUME~1\ANAPIT~1\APPLIC~1\errprotec.exe

FileLook::

C:\DOCUME~1\ANAPIT~1\APPLIC~1\sysdoctor.exe

C:\DOCUME~1\ANAPIT~1\APPLIC~1\protector.exe

Submit::

C:\WINDOWS\system32\lxglxebd.dll

C:\WINDOWS\system32\yjaseyfj.exe

C:\WINDOWS\system32\yvsactgp.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46A4E9D9-B30E-452A-8157-DBBEC8573B03}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFBFE1C-226C-4B6D-B097-779C319DF912}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFBFE1C-226C-4B6D-B097-779C319DF912}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"s75Q33W"=-

"svhost"=-

"findfast"=-

"LaserJet"=-

"svchost"=-

"SystemOptimizer"="-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Tbsa"=-

"findfast"="-

"LaserJet"=-

"svchost"="-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bdva]

Save this as CFScript.txt

Then drag/drop the CFScript.txt onto ComboFix.exe as you see in the screenshot below.

CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Additonally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip

Please submit this file to:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

Please include a link to this topic in the message.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing