Systray Pop-up, fake system messages; same problem of another user but don't solved..

AIO · Oct 28, 2007

Hi to all, I have this same identical problem:
http://forums.techguy.org/malware-r...40564-solved-malware-disgused-ie-windows.html

I followed these precious instructions to the end, end the problem disappeared.
BUT.
After un hour of "navigation" (I was away from the pc and I have only visted one forum and ran Itunes) the system message appeared again.

I have a connection from 3 days and I have only the Windows firewall, (but there is also a firewall in the router). I discovered with horror that the windows and the router firewalls were turned off.... Maybe it was for this, I don't know.

Well, I downloaded the comodo free firewall, and i turned on the other two firewalls.
I am repeating the sequence indicated in that post, but I thought it is better show the logs here to you. My compliments for your invaluable work.

PS: In this moment I am doing a back up of my files in an external HDD
PPS: At the startup Windows sometimes freezed, showing only the wallpaper image and the mouse cursor. I made a reebot but I'm really worried..

Thanks, here are my logs:

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.56.44, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\a-squared Free\a2service.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
C:\Programmi\ULI5289\ALi5289.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\programmi\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\McAfee\MPF\MPFSrv.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Sitecom Wireless Network Card Setup\RtWLan.exe
c:\programmi\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89D19B93-FE84-47B2-9A37-813740C27C23} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rylzrjuf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\Programmi\Babya Logic\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rylzrjuf.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALi5289] C:\Programmi\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Sitecom Wireless Utility.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.it
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126113138421
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: byxwwwt - byxwwwt.dll (file missing)
O20 - Winlogon Notify: rylzrjuf - C:\WINDOWS\SYSTEM32\rylzrjuf.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programmi\File comuni\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programmi\file comuni\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programmi\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6028\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - About:Home

--
End of file - 12195 bytes

COMBOFIX

ComboFix 07-10-23.2 - Mario 2007-10-28 16.02.34.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.446 [GMT 1:00]
Running from: C:\Documents and Settings\Mario\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mario\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Mario\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Mario\Preferiti\Online Security Guide.lnk
C:\WINDOWS\system32\rylzrjuf.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))
.

2007-10-28 13:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Comodo
2007-10-28 13:51 <DIR> d-------- C:\Programmi\Comodo
2007-10-28 12:12 <DIR> d-------- C:\!KillBox
2007-10-28 10:39 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2007-10-28 10:39 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SUPERAntiSpyware.com
2007-10-28 10:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 09:56 <DIR> d-------- C:\Programmi\Trend Micro
2007-10-28 00:35 267,592 --a------ C:\Programmi\Uninstall Ask Toolbar.dll
2007-10-27 21:33 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 21:33 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 21:33 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-27 21:32 <DIR> d-------- C:\Programmi\Alwil Software
2007-10-27 21:32 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 21:32 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-27 21:32 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 21:32 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 18:54 <DIR> d-------- C:\Programmi\SiteAdvisor
2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\SiteAdvisor
2007-10-27 18:54 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\SiteAdvisor
2007-10-27 18:53 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-10-27 18:50 <DIR> d-------- C:\Programmi\McAfee
2007-10-27 18:50 <DIR> d-------- C:\Programmi\File comuni\McAfee
2007-10-27 18:43 <DIR> d-------- C:\Programmi\CIFP
2007-10-27 18:16 <DIR> d-------- C:\Programmi\Lavasoft
2007-10-27 18:16 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2007-10-27 18:13 <DIR> d-------- C:\Programmi\CCleaner
2007-10-27 18:12 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-10-27 18:11 <DIR> d-------- C:\Programmi\McAfee.com
2007-10-27 18:11 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-10-27 18:11 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-10-27 10:15 <DIR> dr-h----- C:\$VAULT$.AVG
2007-10-27 10:04 <DIR> dr------- C:\Documents and Settings\LocalService\Preferiti
2007-10-27 09:39 340,032 --a------ C:\WINDOWS\system32\rylzrjuf.dll
2007-10-27 09:38 340,032 --a------ C:\WINDOWS\system32\sscequcs.dll
2007-10-26 13:06 3,163 --a------ C:\WINDOWS\system32\z.dat
2007-10-26 13:06 255 --a------ C:\WINDOWS\system32\2678.bat
2007-10-26 13:06 84 --a------ C:\WINDOWS\system32\n.bat
2007-10-26 13:05 <DIR> d--hs---- C:\WINDOWS\TWFyaW8gTW9yYW5kaQ
2007-10-26 13:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-26 11:56 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\uTorrent
2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Incomplete
2007-10-26 11:10 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\FrostWire
2007-10-26 10:14 <DIR> d-------- C:\WINDOWS\system32\cache329
2007-10-26 10:10 <DIR> d-------- C:\WINDOWS\cdmxtras
2007-10-25 22:58 103,876 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-10-24 16:52 <DIR> d-------- C:\Programmi\Spyware Doctor
2007-10-24 16:52 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\PC Tools
2007-10-24 16:52 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-24 16:52 82,248 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-24 16:52 57,672 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-24 16:52 40,264 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-24 16:52 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-24 08:03 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\Apple Computer
2007-10-24 08:02 <DIR> d-------- C:\Programmi\iPod
2007-10-24 06:30 <DIR> d-------- C:\Programmi\Opera
2007-10-23 23:31 <DIR> d-------- C:\Programmi\a-squared Anti-Dialer
2007-10-23 23:26 <DIR> d-------- C:\Programmi\a-squared Free
2007-10-23 23:24 <DIR> d-------- C:\Programmi\a-squared HiJackFree
2007-10-23 21:14 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2007-10-23 18:00 <DIR> d-------- C:\Documents and Settings\Mario\Contacts
2007-10-23 17:58 <DIR> d-------- C:\Programmi\Windows Live Toolbar
2007-10-23 17:57 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2007-10-23 17:57 <DIR> d-------- C:\Programmi\MSN Messenger
2007-10-23 17:46 <DIR> d--h----- C:\Documents and Settings\Mario\Dati applicazioni\m
2007-10-18 13:23 194,304 --a------ C:\WINDOWS\system32\drivers\rtl8187.sys
2007-10-18 13:22 <DIR> d-------- C:\WINDOWS\system32\RTL8187
2007-10-18 13:22 <DIR> d-------- C:\Programmi\Sitecom Wireless Network Card Setup
2007-10-18 13:22 <DIR> d-------- C:\Documents and Settings\Mario\Dati applicazioni\InstallShield
2007-10-18 13:22 38,144 -ra------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2007-10-18 13:22 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 08:28 18,697,746 --sh--r C:\AVG7DB_F.DAT
2007-08-22 14:12 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 14:12 661,504 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 14:12 616,448 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 14:12 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 14:12 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 14:12 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 14:12 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 14:12 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 14:12 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 14:12 3,079,168 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 14:12 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 14:12 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 14:12 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 14:12 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 14:12 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 14:12 1,495,040 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 14:12 1,056,256 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 14:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 11:30 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 07:16 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 14:46 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2005-11-30 15:51 40 ----a-w C:\Documents and Settings\Mario\language.dat
2005-11-13 12:04:52 56 --sh--r C:\WINDOWS\system32\62CE682105.sys
.

((((((((((((((((((((((((((((( [email protected]_10.34.42.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-10-28 09:39:24 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-10-28 09:39:24 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-10-28 09:39:24 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-10-28 12:51:46 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-10-28 12:51:46 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89D19B93-FE84-47B2-9A37-813740C27C23}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-27 09:39 340032 --a------ C:\WINDOWS\system32\rylzrjuf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\rylzrjuf.dll [2007-10-27 09:39 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-26 10:04]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2007-10-26 10:04]
"ALi5289"="C:\Programmi\ULI5289\ALi5289.exe" [2005-06-07 14:16]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 21:05]
"H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 18:58]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2006-06-21 19:14]
"a-squared"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
"a-squared Anti-Dialer"="C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" [2007-07-16 21:48]
"SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 18:18]
"VirusScan Online"="C:\Programmi\McAfee.com\VSO\mcvsshld.exe" [2005-07-01 20:42]
"OASClnt"="C:\Programmi\McAfee.com\VSO\oasclnt.exe" [2005-07-01 20:42]
"SiteAdvisor"="C:\Programmi\SiteAdvisor\6028\SiteAdv.exe" [2007-02-09 04:39]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"COMODO Firewall Pro"="C:\Programmi\Comodo\Firewall\CPF.exe" [2007-10-28 13:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Programmi\RocketDock\RocketDock.exe" [2007-01-28 03:55]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-24 22:52]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwwwt]
byxwwwt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rylzrjuf]
rylzrjuf.dll 2007-10-27 09:39 340032 C:\WINDOWS\system32\rylzrjuf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
"swg"=C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Emurayden PSX Emulator"=
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"atwtusb"=atwtusb.exe beta
"ElbyCheckAnyDVD"="C:\Programmi\AnyDVD\ElbyCheck.exe" /L AnyDVD
"CloneDVDElbyDelay"="C:\Programmi\CloneDVD\ElbyCheck.exe" /L ElbyDelay
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe"
"RemoteControl"=C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
"SoundMan"=SOUNDMAN.EXE
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys
R2 a2AntiDialer;a-squared Anti-Dialer Service;"C:\Programmi\a-squared Anti-Dialer\a2service.exe"
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS
R3 vgadrv;vgadrv;C:\WINDOWS\system32\DRIVERS\vgadrv.sys
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys

.
Contents of the 'Scheduled Tasks' folder
"2006-01-30 10:35:08 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1128764012.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2007-10-27 17:53:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
"2007-10-27 17:53:16 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programmi\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 16:23:36
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-28 16:27:09 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-28 10:35
.
--- E O F ---

AIO · Oct 28, 2007

I hope I didn't write something wrong...
I saw that other newer posts have replies, so

bump

and now I'll wait at least 24 h, sorry
thanks

AIO · Oct 31, 2007

Solved, you can close the topic.

Log in or Sign up

Systray Pop-up, fake system messages; same problem of another user but don't solved..

AIO Thread Starter

AIO Thread Starter

AIO Thread Starter

Welcome to Tech Support Guy!

In Progress Possible fake Norton's adviser intruding on Laptop

In Progress Fake Security Alert Popping up While Idle in Edge

Log in or Sign up

Systray Pop-up, fake system messages; same problem of another user but don't solved..

AIO Thread Starter

AIO Thread Starter

AIO Thread Starter

Welcome to Tech Support Guy!

In Progress Possible fake Norton's adviser intruding on Laptop

In Progress Fake Security Alert Popping up While Idle in Edge

Useful Searches