
Systray pop-up, fake system messages; same problem as another user but not solved

Discussion in 'Virus & Other Malware Removal' started by AIO, Oct 28, 2007.

Thread Status:
Not open for further replies.
  1. AIO

    AIO Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    3
    Hi to all, I have this same identical problem:
    http://forums.techguy.org/malware-r...40564-solved-malware-disgused-ie-windows.html

    I followed these precious instructions to the end, and the problem disappeared.
    BUT.
    After an hour of "navigation" (I was away from the PC and I have only visited one forum and run iTunes) the system message appeared again.

    I have had a connection for 3 days and I have only the Windows firewall (but there is also a firewall in the router). I discovered with horror that the Windows and the router firewalls were turned off... :eek: Maybe it was because of this, I don't know.

    Well, I downloaded the Comodo free firewall, and I turned on the other two firewalls.
    I am repeating the sequence indicated in that post, but I thought it better to show the logs here to you. My compliments for your invaluable work.

    PS: At the moment I am doing a backup of my files to an external HDD.
    PPS: At startup Windows sometimes froze, showing only the wallpaper image and the mouse cursor. I made a reboot but I'm really worried.. :(

    Thanks, here are my logs:

    HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15.56.44, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\a-squared Anti-Dialer\a2service.exe
    C:\Programmi\a-squared Free\a2service.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Programmi\Comodo\Firewall\cmdagent.exe
    C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
    C:\Programmi\ULI5289\ALi5289.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\Programmi\Winamp\winampa.exe
    C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
    C:\Programmi\Spyware Doctor\SDTrayApp.exe
    C:\Programmi\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Comodo\Firewall\CPF.exe
    C:\Programmi\RocketDock\RocketDock.exe
    C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\programmi\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\McAfee\MPF\MPFSrv.exe
    C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    C:\Programmi\Spyware Doctor\svcntaux.exe
    C:\Programmi\Spyware Doctor\swdsvc.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Programmi\SiteAdvisor\6028\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
    c:\programmi\mcafee\msc\mcuimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89D19B93-FE84-47B2-9A37-813740C27C23} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rylzrjuf.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\Programmi\Babya Logic\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rylzrjuf.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [ALi5289] C:\Programmi\ULI5289\ALi5289.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
    O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
    O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
    O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126113138421
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: byxwwwt - byxwwwt.dll (file missing)
    O20 - Winlogon Notify: rylzrjuf - C:\WINDOWS\SYSTEM32\rylzrjuf.dll
    O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
    O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6028\SAService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
    O24 - Desktop Component 0: (no name) - About:Home

    --
    End of file - 12195 bytes
    COMBOFIX

    ComboFix 07-10-23.2 - Mario 2007-10-28 16.02.34.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.446 [GMT 1:00]
    Running from: C:\Documents and Settings\Mario\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Mario\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Mario\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Mario\Preferiti\Online Security Guide.lnk
    C:\WINDOWS\system32\rylzrjuf.dllbox

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
    .

    2007-10-28 13:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Comodo
    2007-10-28 13:51 <DIR> d-------- C:\Programmi\Comodo
    2007-10-28 12:12 <DIR> d-------- C:\!KillBox
    2007-10-28 10:39 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
    2007-10-28 10:39 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SUPERAntiSpyware.com
    2007-10-28 10:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-28 09:56 <DIR> d-------- C:\Programmi\Trend Micro
    2007-10-28 00:35 267,592 --a------ C:\Programmi\Uninstall Ask Toolbar.dll
    2007-10-27 21:33 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-27 21:33 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-27 21:33 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-27 21:32 <DIR> d-------- C:\Programmi\Alwil Software
    2007-10-27 21:32 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-10-27 21:32 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-10-27 21:32 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-27 21:32 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-27 18:54 <DIR> d-------- C:\Programmi\SiteAdvisor
    2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SiteAdvisor
    2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
    2007-10-27 18:53 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
    2007-10-27 18:50 <DIR> d-------- C:\Programmi\McAfee
    2007-10-27 18:50 <DIR> d-------- C:\Programmi\File comuni\McAfee
    2007-10-27 18:43 <DIR> d-------- C:\Programmi\CIFP
    2007-10-27 18:16 <DIR> d-------- C:\Programmi\Lavasoft
    2007-10-27 18:16 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
    2007-10-27 18:13 <DIR> d-------- C:\Programmi\CCleaner
    2007-10-27 18:12 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
    2007-10-27 18:11 <DIR> d-------- C:\Programmi\McAfee.com
    2007-10-27 18:11 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
    2007-10-27 18:11 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
    2007-10-27 10:15 <DIR> dr-h----- C:\$VAULT$.AVG
    2007-10-27 10:04 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
    2007-10-27 09:39 340,032 --a------ C:\WINDOWS\system32\rylzrjuf.dll
    2007-10-27 09:38 340,032 --a------ C:\WINDOWS\system32\sscequcs.dll
    2007-10-26 13:06 3,163 --a------ C:\WINDOWS\system32\z.dat
    2007-10-26 13:06 255 --a------ C:\WINDOWS\system32\2678.bat
    2007-10-26 13:06 84 --a------ C:\WINDOWS\system32\n.bat
    2007-10-26 13:05 <DIR> d--hs---- C:\WINDOWS\TWFyaW8gTW9yYW5kaQ
    2007-10-26 13:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-10-26 11:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\uTorrent
    2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Incomplete
    2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\FrostWire
    2007-10-26 10:14 <DIR> d-------- C:\WINDOWS\system32\cache329
    2007-10-26 10:10 <DIR> d-------- C:\WINDOWS\cdmxtras
    2007-10-25 22:58 103,876 --ah----- C:\WINDOWS\system32\mlfcache.dat
    2007-10-24 16:52 <DIR> d-------- C:\Programmi\Spyware Doctor
    2007-10-24 16:52 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\PC Tools
    2007-10-24 16:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-10-24 16:52 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-24 16:52 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-24 16:52 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-24 16:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-24 08:03 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Apple Computer
    2007-10-24 08:02 <DIR> d-------- C:\Programmi\iPod
    2007-10-24 06:30 <DIR> d-------- C:\Programmi\Opera
    2007-10-23 23:31 <DIR> d-------- C:\Programmi\a-squared Anti-Dialer
    2007-10-23 23:26 <DIR> d-------- C:\Programmi\a-squared Free
    2007-10-23 23:24 <DIR> d-------- C:\Programmi\a-squared HiJackFree
    2007-10-23 21:14 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
    2007-10-23 18:00 <DIR> d-------- C:\Documents and Settings\Mario\Contacts
    2007-10-23 17:58 <DIR> d-------- C:\Programmi\Windows Live Toolbar
    2007-10-23 17:57 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
    2007-10-23 17:57 <DIR> d-------- C:\Programmi\MSN Messenger
    2007-10-23 17:46 <DIR> d--h----- C:\Documents and Settings\Mario\Dati applicazioni\m
    2007-10-18 13:23 194,304 --a------ C:\WINDOWS\system32\drivers\rtl8187.sys
    2007-10-18 13:22 <DIR> d-------- C:\WINDOWS\system32\RTL8187
    2007-10-18 13:22 <DIR> d-------- C:\Programmi\Sitecom Wireless Network Card Setup
    2007-10-18 13:22 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\InstallShield
    2007-10-18 13:22 38,144 -ra------ C:\WINDOWS\system32\drivers\EAPPkt.sys
    2007-10-18 13:22 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-24 08:28 18,697,746 --sh--r C:\AVG7DB_F.DAT
    2007-08-22 14:12 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 14:12 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 14:12 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 14:12 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 14:12 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 14:12 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 14:12 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 14:12 1,056,256 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 14:46 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
    2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2005-11-30 15:51 40 ----a-w C:\Documents and Settings\Mario\language.dat
    2005-11-13 12:04:52 56 --sh--r C:\WINDOWS\system32\62CE682105.sys
    .

    ((((((((((((((((((((((((((((( Snapshot@2007-10-28_10.34.42.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
    + 2007-10-28 09:39:24 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
    + 2007-10-28 09:39:24 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    + 2007-10-28 09:39:24 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    + 2007-10-28 12:51:46 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
    + 2007-10-28 12:51:46 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89D19B93-FE84-47B2-9A37-813740C27C23}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-10-27 09:39 340032 --a------ C:\WINDOWS\system32\rylzrjuf.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\rylzrjuf.dll [2007-10-27 09:39 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-26 10:04]
    "AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-10-26 10:04]
    "ALi5289"="C:\Programmi\ULI5289\ALi5289.exe" [2005-06-07 14:16]
    "ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05]
    "H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58]
    "WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2006-06-21 19:14]
    "a-squared"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
    "a-squared Anti-Dialer"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
    "SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
    "VirusScan Online"="C:\Programmi\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
    "OASClnt"="C:\Programmi\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
    "SiteAdvisor"="C:\Programmi\SiteAdvisor\6028\SiteAdv.exe" [2007-02-09 04:39]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "COMODO Firewall Pro"="C:\Programmi\Comodo\Firewall\CPF.exe" [2007-10-28 13:51]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-01-28 03:55]
    "swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-24 22:52]
    "SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwwwt]
    byxwwwt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rylzrjuf]
    rylzrjuf.dll 2007-10-27 09:39 340032 C:\WINDOWS\system32\rylzrjuf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    "swg"=C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Emurayden PSX Emulator"=
    "Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
    "atwtusb"=atwtusb.exe beta
    "ElbyCheckAnyDVD"="C:\Programmi\AnyDVD\ElbyCheck.exe" /L AnyDVD
    "CloneDVDElbyDelay"="C:\Programmi\CloneDVD\ElbyCheck.exe" /L ElbyDelay
    "HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    "iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe"
    "RemoteControl"=C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    "SoundMan"=SOUNDMAN.EXE
    "TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

    R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys
    R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys
    R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe"
    R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
    R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
    R3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys
    S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2006-01-30 10:35:08 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1128764012.job"
    - C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
    "2007-10-27 17:53:16 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\programmi\mcafee\mqc\QcConsol.exe
    "2007-10-27 17:53:16 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\programmi\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-28 16:23:36
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-28 16:27:09 - machine was rebooted
    C:\ComboFix2.txt ... 2007-10-28 10:35
    .
    --- E O F ---
     
  2. AIO

    AIO Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    3
    I hope I didn't write something wrong...
    I saw that other newer posts have replies, so

    bump

    and now I'll wait at least 24 h, sorry
    thanks
     
  3. AIO

    AIO Thread Starter

    Joined:
    Oct 28, 2007
    Messages:
    3
    Solved, you can close the topic.
     
Short URL to this thread: https://techguy.org/644744