
System Doctor, Except Not


  • This topic is locked
7 replies to this topic

#1 biggyofmt

biggyofmt

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 06 August 2007 - 01:06 AM

I thought that it was the SystemDoctor2006, but my HiJackThis doesn't indicate any SystemDoctor files, nor is there a SystemDoctor directory in C:\Program Files.

I do have a malicious virus, but I have no idea what it is, which is why I seek your assistance. The virus manifests itself with pop-ups, tracking cookies (that automatically renew themselves after removal) and general system sluggishness (as well as computer freezes that I believe are related to the virus). The pop-ups include System Doctor, Casale Media, Win antivirus, Mediaclick, and many many others. The sheer volume of pop-ups makes work difficult.

Here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:04 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Impulse\PolicyKey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [c2c145] C:\WINDOWS\c2c145
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\lmjsyqvt.dll",forkonce
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: PolicyKey.lnk = C:\Program Files\Impulse\PolicyKey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Policy Key.lnk = C:\Program Files\Impulse\PolicyKey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rvhgnjos.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7127 bytes

Edited by biggyofmt, 06 August 2007 - 01:24 AM.
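An added example (not part of this thread and not HijackThis's own code): a small Python triage pass over the O3/O4/O15/O23 line formats in the log above, flagging the patterns a helper checks first, such as a Run entry launching an extension-less file in the Windows root, rundll32 loading a DLL from system32, sites added to the IE Trusted Zone, and services with no publisher whose file is gone. The sample lines are copied from the log; the heuristics are a starting point for review, not a verdict.

```python
"""Triage pass over HijackThis 2.x log lines (added example, not HijackThis code).

Parses the O3 (toolbar), O4 (Run key), O15 (Trusted Zone) and O23 (service)
line formats from the log above and flags what a forum helper checks first.
The heuristics are a starting point for review, not a verdict.
"""
import re
from typing import Optional

# Constructed sample: a subset of the O-lines from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [c2c145] C:\WINDOWS\c2c145
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\lmjsyqvt.dll",forkonce
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rvhgnjos.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"""

WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"

O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<url>\S+) \((?P<hive>HK\w+)\)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _target_path(cmd: str) -> str:
    """Pull the launched file out of a Run command (quoted, bare, or rundll32 host)."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32.exe"):
        cmd = cmd[len("rundll32.exe"):].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    for switch in (" /", " -"):          # bare path followed by switches
        cut = cmd.find(switch)
        if cut > 0:
            cmd = cmd[:cut]
    return cmd.split(",")[0].strip()     # drop a rundll32 ",export" suffix


def _finding(section: str, severity: str, line: str, reason: str) -> dict:
    return {"section": section, "severity": severity, "reason": reason, "line": line}


def triage_line(line: str) -> Optional[dict]:
    """Return a finding for one HijackThis line, or None if nothing stands out."""
    line = line.strip()
    m = O3_RE.match(line)
    if m:
        if m["path"] == "(no file)":
            return _finding("O3", "low", line, "orphaned toolbar entry for CLSID {%s}" % m["clsid"])
        return None
    m = O4_RE.match(line)
    if m:
        path = _target_path(m["cmd"]).lower()
        if m["cmd"].lower().startswith("rundll32.exe") and path.startswith(SYSTEM32):
            return _finding("O4", "medium", line, "rundll32 loads %s at logon; verify the DLL's publisher" % path)
        parent, _, name = path.rpartition("\\")
        if parent == WINDIR and "." not in name:
            return _finding("O4", "high", line, "Run entry launches an extension-less file in the Windows root: %s" % path)
        return None
    m = O15_RE.match(line)
    if m:
        return _finding("O15", "medium", line,
                        "%s added to the IE Trusted Zone (%s); IE relaxes its security settings for that site"
                        % (m["url"], m["hive"]))
    m = O23_RE.match(line)
    if m:
        missing = m["path"].endswith("(file missing)")
        unknown = m["owner"] == "Unknown owner"
        if unknown and (missing or m["path"].lower().startswith(SYSTEM32)):
            return _finding("O23", "high", line, "service %s has no publisher and lives in system32 or is gone" % m["name"])
        if missing:
            return _finding("O23", "low", line, "service %s points at a missing file" % m["name"])
    return None


def triage(log_text: str) -> list:
    """Run triage_line over every line; findings keep log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s/%s] %s" % (f["section"], f["severity"], f["reason"]))
```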



#2 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:12 PM

Posted 06 August 2007 - 01:34 AM

Hello and welcome aboard :thumbsup:

Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 biggyofmt

biggyofmt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 06 August 2007 - 10:12 PM

Thank you very much for the fast response!

I successfully installed and ran Combofix and here is the log file:

ComboFix 07-08-04.3 - "Lauren" 2007-08-06 19:55:46.1 [GMT -7:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\Lauren\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Lauren\APPLIC~1.\winantispyware 2007 free
C:\DOCUME~1\Lauren\APPLIC~1.\winantispyware 2007 free\description.txt
C:\DOCUME~1\Lauren\APPLIC~1.\winantispyware 2007 free\DownloadUWAS7.url
C:\DOCUME~1\Lauren\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\winantispyware 2007
C:\Program Files\winantispyware 2007\msvcp71.doc
C:\Program Files\winantispyware 2007\msvcr71.doc
C:\Program Files\winantispyware 2007\shellext.doc
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\0c2
C:\temp\0c2\tmpFF.log
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\acdt-pid67n.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\A1\am52.exe
C:\WINDOWS\system32\A2
C:\WINDOWS\system32\A6
C:\WINDOWS\system32\A6\wr2.exe
C:\WINDOWS\system32\A7
C:\WINDOWS\system32\aegicvan.dll
C:\WINDOWS\system32\asqijrru.exe
C:\WINDOWS\system32\auuwbmpn.dll
C:\WINDOWS\system32\avyfonhr.exe
C:\WINDOWS\system32\awtrpnn.dll
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\brqwisde.exe
C:\WINDOWS\system32\byffymhq.exe
C:\WINDOWS\system32\byvtt.dll
C:\WINDOWS\system32\chqmdaew.dll
C:\WINDOWS\system32\dhanopox.exe
C:\WINDOWS\system32\dhjaacyc.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\dupogljd.exe
C:\WINDOWS\system32\dypdulkf.exe
C:\WINDOWS\system32\epejvbxw.exe
C:\WINDOWS\system32\esnrppwy.exe
C:\WINDOWS\system32\frmbjrnr.dll
C:\WINDOWS\system32\gebyyxw.dll
C:\WINDOWS\system32\ggaakakk.exe
C:\WINDOWS\system32\grkisijc.dll
C:\WINDOWS\system32\gycmksru.exe
C:\WINDOWS\system32\heoiclxd.dll
C:\WINDOWS\system32\hgstshhc.exe
C:\WINDOWS\system32\ihbmfypn.exe
C:\WINDOWS\system32\iinlhqst.exe
C:\WINDOWS\system32\imtejtja.dll
C:\WINDOWS\system32\iwjpsisc.exe
C:\WINDOWS\system32\iwkokobj.dll
C:\WINDOWS\system32\ixwhjvpo.dll
C:\WINDOWS\system32\jhlskeie.exe
C:\WINDOWS\system32\jiqjtmxl.exe
C:\WINDOWS\system32\jqahtkdf.dll
C:\WINDOWS\system32\jtlkphbm.exe
C:\WINDOWS\system32\jxpxupsm.exe
C:\WINDOWS\system32\klcqqadt.ini
C:\WINDOWS\system32\kpggogxi.exe
C:\WINDOWS\system32\lhclcnck.exe
C:\WINDOWS\system32\ljglyiwt.exe
C:\WINDOWS\system32\lkenhdiw.dll
C:\WINDOWS\system32\mfwnslxo.dll
C:\WINDOWS\system32\mkclijgb.dll
C:\WINDOWS\system32\mljjhhg.dll
C:\WINDOWS\system32\mmkxtxxx.exe
C:\WINDOWS\system32\mykgnxhf.exe
C:\WINDOWS\system32\ndvhlsuw.exe
C:\WINDOWS\system32\neqrxufr.dll
C:\WINDOWS\system32\nnpmcqpy.dll
C:\WINDOWS\system32\nqdoivxp.exe
C:\WINDOWS\system32\ntrxkjut.exe
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\omluypel.dll
C:\WINDOWS\system32\ovmwktmd.dll
C:\WINDOWS\system32\oyqxtcyr.exe
C:\WINDOWS\system32\peqliklm.exe
C:\WINDOWS\system32\piprpjor.dll
C:\WINDOWS\system32\pqosmeou.ini
C:\WINDOWS\system32\qjksfupc.dll
C:\WINDOWS\system32\qooipohx.exe
C:\WINDOWS\system32\qrcntvvo.exe
C:\WINDOWS\system32\rgctvoea.exe
C:\WINDOWS\system32\rgqkblkt.dll
C:\WINDOWS\system32\rhfgnsxc.exe
C:\WINDOWS\system32\roknfruu.dll
C:\WINDOWS\system32\siiwkswi.exe
C:\WINDOWS\system32\ssqqonk.dll
C:\WINDOWS\system32\stetwtrk.exe
C:\WINDOWS\system32\syttexra.dll
C:\WINDOWS\system32\T1
C:\WINDOWS\system32\T11
C:\WINDOWS\system32\T11\z553.exe
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T3\wr716.exe
C:\WINDOWS\system32\T5
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\taljtmgu.dll
C:\WINDOWS\system32\tdaqqclk.dll
C:\WINDOWS\system32\tfxlvdxa.exe
C:\WINDOWS\system32\tqkbrwou.dll
C:\WINDOWS\system32\ttvyb.ini
C:\WINDOWS\system32\ubeijcel.dll
C:\WINDOWS\system32\ubrjgihk.exe
C:\WINDOWS\system32\uiwmdpnq.dll
C:\WINDOWS\system32\ujjbpmqp.exe
C:\WINDOWS\system32\uneniipt.exe
C:\WINDOWS\system32\uoemsoqp.dll
C:\WINDOWS\system32\urqytjbr.exe
C:\WINDOWS\system32\vflvnrsr.exe
C:\WINDOWS\system32\vuuvw.bak1
C:\WINDOWS\system32\vuuvw.bak2
C:\WINDOWS\system32\vuuvw.ini
C:\WINDOWS\system32\vuuvw.ini2
C:\WINDOWS\system32\vuuvw.tmp
C:\WINDOWS\system32\vypqekji.exe
C:\WINDOWS\system32\wdhweldt.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\wiqvmbxs.exe
C:\WINDOWS\system32\wsyvqsje.dll
C:\WINDOWS\system32\wvuuv.dll
C:\WINDOWS\system32\xtoovmqv.exe
C:\WINDOWS\system32\xvrrlwjg.exe
C:\WINDOWS\system32\ynkafelg.exe
C:\WINDOWS\system32\yvngoyid.dll
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\ApiMon
-------\core
-------\DomainService
-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-06 19:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 23:37 125,460 --a------ C:\WINDOWS\system32\ybthhooj.dll
2007-08-05 22:43 125,460 --a------ C:\WINDOWS\system32\lmjsyqvt.dll
2007-08-05 22:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-05 22:09 125,460 --a------ C:\WINDOWS\system32\tasgepwl.dll
2007-08-05 21:16 125,460 --a------ C:\WINDOWS\system32\gthwuvvf.dll
2007-08-04 21:17 76,412 --a------ C:\WINDOWS\system32\oqalkjvo.dll
2007-07-27 14:16 <DIR> d-------- C:\DOCUME~1\Lauren\APPLIC~1\Viewpoint
2007-07-25 16:42 125,972 --a------ C:\WINDOWS\system32\umnvhhat.dll
2007-07-25 05:03 125,972 --a------ C:\WINDOWS\system32\ksovcwfg.dll
2007-07-25 04:30 125,972 --a------ C:\WINDOWS\system32\owgqbgbb.dll
2007-07-25 04:17 125,972 --a------ C:\WINDOWS\system32\nrtugldl.dll
2007-07-25 04:00 125,972 --a------ C:\WINDOWS\system32\dkiwkolw.dll
2007-07-24 17:59 125,972 --a------ C:\WINDOWS\system32\yfvcpans.dll
2007-07-22 02:44 <DIR> d-------- C:\Program Files\Veoh Networks


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 00:02 --------- d-------- C:\DOCUME~1\Lauren\APPLIC~1\.gaim
2007-07-28 02:59 --------- d-------- C:\Program Files\Impulse
2007-07-24 17:52 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-22 02:45 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-10 16:41 43062 --a------ C:\WINDOWS\WpAJTrYf67HazytRD.exe
2007-06-30 08:38 122900 --a------ C:\WINDOWS\system32\imrhvnnx.exe
2007-06-29 07:57 122900 --a------ C:\WINDOWS\system32\ndvjbgvb.exe
2007-06-23 00:32 --------- d-------- C:\Program Files\Gaim
2007-06-21 01:09 124436 --a------ C:\WINDOWS\system32\ujxpivgq.dll
2007-06-21 01:06 124436 --a------ C:\WINDOWS\system32\qvftcwjh.dll
2007-06-21 01:03 2580 --a------ C:\WINDOWS\system32\ajyxjqnk.exe
2007-06-21 00:53 76412 --a------ C:\WINDOWS\system32\mtkjeywk.dll
2007-06-20 16:40 124436 --a------ C:\WINDOWS\system32\thyioygs.dll
2007-06-19 23:39 124436 --a------ C:\WINDOWS\system32\kasklfsf.dll
2007-06-17 21:39 124436 --a------ C:\WINDOWS\system32\wlagdfyl.dll
2007-06-06 14:25 53248 --a------ C:\WINDOWS\112uninst.exe
2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E8B4CEE-6F83-454A-5A8D-E493F40B8DC7}]
C:\Program Files\MSN\quhabe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7665A202-6DF1-4B99-891B-547923555997}]
C:\Program Files\MSN Gaming Zone\mevo83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5E4C2D-C1A9-4487-9A14-EE0214C9B338}]
C:\Program Files\MSN Gaming Zone\mevo.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"= C:\WINDOWS\system32\WinNB58.dll [ ]

[HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 14:35]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 12:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 19:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 09:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-23 00:09]
"c2c145"="C:\WINDOWS\c2c145" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 14:38]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]

C:\Documents and Settings\Lauren\Start Menu\Programs\Startup\
PolicyKey.lnk - C:\Program Files\Impulse\PolicyKey.exe [2006-09-08 14:31:57]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-08-04 21:13:05]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 02:06:34]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Policy Key.lnk - C:\Program Files\Impulse\PolicyKey.exe [2006-09-08 14:31:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 14:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12126ae0-d8df-11db-9688-0012f0a37126}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd84272-c353-11da-963b-00123f1c7280}]
AutoRun\command- E:\SafeGuard\Windows\SafeGuard20.exe


Contents of the 'Scheduled Tasks' folder
2007-08-06 03:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 20:06:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 20:09:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-06 20:09

--- E O F ---

Keep fighting the good fight :thumbsup:

#4 biggyofmt

biggyofmt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 07 August 2007 - 01:28 AM

I haven't had a popup in several hours of continuous internet browsing, and my system seems to be running at full speed. I believe that the virus may have been vanquished.

#5 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:12 PM

Posted 07 August 2007 - 03:55 AM

Not yet. :thumbsup: There are still baddies. Great to hear your system is running fine though. Makes the fixes easy to do.

First, under Add/Remove Programs list, uninstall the following entry if found:

Outerinfo

Then, please open notepad and copy/paste the text in the quotebox into it.

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}"=-
[-HKEY_CLASSES_ROOT\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}]
[-HKEY_CLASSES_ROOT\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c2c145"=-

File::
C:\WINDOWS\system32\ybthhooj.dll
C:\WINDOWS\system32\lmjsyqvt.dll
C:\WINDOWS\system32\tasgepwl.dll
C:\WINDOWS\system32\gthwuvvf.dll
C:\WINDOWS\system32\oqalkjvo.dll
C:\WINDOWS\system32\umnvhhat.dll
C:\WINDOWS\system32\ksovcwfg.dll
C:\WINDOWS\system32\owgqbgbb.dll
C:\WINDOWS\system32\nrtugldl.dll
C:\WINDOWS\system32\dkiwkolw.dll
C:\WINDOWS\system32\yfvcpans.dll
C:\WINDOWS\WpAJTrYf67HazytRD.exe
C:\WINDOWS\system32\imrhvnnx.exe
C:\WINDOWS\system32\ndvjbgvb.exe
C:\WINDOWS\system32\ujxpivgq.dll
C:\WINDOWS\system32\qvftcwjh.dll
C:\WINDOWS\system32\ajyxjqnk.exe
C:\WINDOWS\system32\mtkjeywk.dll
C:\WINDOWS\system32\thyioygs.dll
C:\WINDOWS\system32\kasklfsf.dll
C:\WINDOWS\system32\wlagdfyl.dll
C:\WINDOWS\112uninst.exe
C:\WINDOWS\c2c145.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\MSN Gaming Zone\mevo.dll
C:\Program Files\MSN Gaming Zone\mevo83122.dll
C:\Program Files\MSN\quhabe.dll

Folder::
C:\Program Files\Outerinfo


Save it as CFScript.txt on your desktop.

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply along with a fresh HijackThis log. :flowers:

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#6 biggyofmt

biggyofmt
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:12 AM

Posted 08 August 2007 - 12:30 AM

Here we are

ComboFix 07-08-04.3 - "Lauren" 2007-08-07 20:58:42.2 [GMT -7:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Lauren\Desktop\cfscript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\112uninst.exe
C:\WINDOWS\system32\ajyxjqnk.exe
C:\WINDOWS\system32\dkiwkolw.dll
C:\WINDOWS\system32\gthwuvvf.dll
C:\WINDOWS\system32\imrhvnnx.exe
C:\WINDOWS\system32\kasklfsf.dll
C:\WINDOWS\system32\ksovcwfg.dll
C:\WINDOWS\system32\lmjsyqvt.dll
C:\WINDOWS\system32\mtkjeywk.dll
C:\WINDOWS\system32\ndvjbgvb.exe
C:\WINDOWS\system32\nrtugldl.dll
C:\WINDOWS\system32\oqalkjvo.dll
C:\WINDOWS\system32\owgqbgbb.dll
C:\WINDOWS\system32\qvftcwjh.dll
C:\WINDOWS\system32\tasgepwl.dll
C:\WINDOWS\system32\thyioygs.dll
C:\WINDOWS\system32\ujxpivgq.dll
C:\WINDOWS\system32\umnvhhat.dll
C:\WINDOWS\system32\wlagdfyl.dll
C:\WINDOWS\system32\ybthhooj.dll
C:\WINDOWS\system32\yfvcpans.dll
C:\WINDOWS\WpAJTrYf67HazytRD.exe


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-06 19:52 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-05 22:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-27 14:16 <DIR> d-------- C:\DOCUME~1\Lauren\APPLIC~1\Viewpoint
2007-07-22 02:44 <DIR> d-------- C:\Program Files\Veoh Networks


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 20:54 --------- d-------- C:\DOCUME~1\Lauren\APPLIC~1\.gaim
2007-07-28 02:59 --------- d-------- C:\Program Files\Impulse
2007-07-24 17:52 --------- d-------- C:\Program Files\MSN Gaming Zone
2007-07-22 02:45 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 00:32 --------- d-------- C:\Program Files\Gaim
2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E8B4CEE-6F83-454A-5A8D-E493F40B8DC7}]
C:\Program Files\MSN\quhabe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7665A202-6DF1-4B99-891B-547923555997}]
C:\Program Files\MSN Gaming Zone\mevo83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B5E4C2D-C1A9-4487-9A14-EE0214C9B338}]
C:\Program Files\MSN Gaming Zone\mevo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 14:35]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 12:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 19:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 09:26]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-23 00:09]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-06-16 14:38]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 17:43]

C:\Documents and Settings\Lauren\Start Menu\Programs\Startup\
PolicyKey.lnk - C:\Program Files\Impulse\PolicyKey.exe [2006-09-08 14:31:57]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [2007-08-04 21:13:05]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 02:06:34]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Policy Key.lnk - C:\Program Files\Impulse\PolicyKey.exe [2006-09-08 14:31:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 14:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R1 Tcpip6;Microsoft IPv6 Protocol Driver;C:\WINDOWS\system32\DRIVERS\tcpip6.sys
R2 6to4;IPv6 Helper Service;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 tunmp;Microsoft Tun Miniport Adapter Driver;C:\WINDOWS\system32\DRIVERS\tunmp.sys
S3 E100B;Intel® PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12126ae0-d8df-11db-9688-0012f0a37126}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bcd84272-c353-11da-963b-00123f1c7280}]
AutoRun\command- E:\SafeGuard\Windows\SafeGuard20.exe


Contents of the 'Scheduled Tasks' folder
2007-08-06 03:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 21:02:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 21:03:48
C:\ComboFix-quarantined-files.txt ... 2007-08-07 21:03
C:\ComboFix2.txt ... 2007-08-06 20:09

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:42 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Impulse\PolicyKey.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Gaim\gaim.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {2E8B4CEE-6F83-454A-5A8D-E493F40B8DC7} - C:\Program Files\MSN\quhabe.dll (file missing)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7665A202-6DF1-4B99-891B-547923555997} - C:\Program Files\MSN Gaming Zone\mevo83122.dll (file missing)
O2 - BHO: (no name) - {9B5E4C2D-C1A9-4487-9A14-EE0214C9B338} - C:\Program Files\MSN Gaming Zone\mevo.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: PolicyKey.lnk = C:\Program Files\Impulse\PolicyKey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Policy Key.lnk = C:\Program Files\Impulse\PolicyKey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8656 bytes

#7 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:12 PM

Posted 08 August 2007 - 01:20 AM

Run a scan with HijackThis and check the following objects for removal:

O2 - BHO: 0 - {2E8B4CEE-6F83-454A-5A8D-E493F40B8DC7} - C:\Program Files\MSN\quhabe.dll (file missing)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {7665A202-6DF1-4B99-891B-547923555997} - C:\Program Files\MSN Gaming Zone\mevo83122.dll (file missing)
O2 - BHO: (no name) - {9B5E4C2D-C1A9-4487-9A14-EE0214C9B338} - C:\Program Files\MSN Gaming Zone\mevo.dll (file missing)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab


Now close ALL other open windows but HijackThis and hit FIX CHECKED. Exit HijackThis.

Updating Java and Clearing Cache
  • Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
  • Search in the list for ALL previously installed versions of Java (J2RE Runtime Environment...).
    They should have the following icon next to them: (image not preserved)
    Select them and click Remove, one at a time.
  • Now please install the Java Runtime Environment (JRE) 6u2 manually.
  • Note to reboot the computer after updating: http://java.sun.com/javase/downloads/index.jsp

Finally,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

So... no problems on your system?
Hi there, stranger!
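The entries Rawe picked out of the HijackThis log above fall into a few recognisable classes: O2/O3 components whose backing DLL is gone ("(file missing)", "(no file)"), O15 sites added to Internet Explorer's Trusted Zone (which relaxes IE's security settings for those domains), and O16 DPF entries pointing at downloadable ActiveX controls. The script below is an added example, written for this thread and not part of HijackThis, ComboFix or BleepingComputer's tools; it parses lines in the HijackThis v2 format and flags those same classes for human review. The function names (`triage`, `classify`, `summarize`) and the severity reasons are my own, and the sample log is a constructed excerpt that copies the format of the log posted above.

```python
"""Triage a HijackThis v2 log for entry classes worth a second look.

Added example, not from this thread or from HijackThis. The rules encode
the patterns the helper flagged above; everything returned is a candidate
for review, not an automatic verdict.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 0 - {2E8B4CEE-6F83-454A-5A8D-E493F40B8DC7} - C:\Program Files\MSN\quhabe.dll (file missing)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
"""

# A HijackThis entry line: section code (R0, O2, O15, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Markers HijackThis prints when the registered file no longer exists on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    reason: str    # "<category>: <explanation>"
    line: str      # the original log line


def classify(section: str, body: str) -> Optional[str]:
    """Return a review reason for one entry, or None if it looks routine."""
    # Orphaned IE components: the CLSID is still registered but the DLL is gone,
    # typically a leftover after a partial removal. Safe to clean, worth noting.
    if section in ("O2", "O3", "O9") and any(m in body for m in MISSING_MARKERS):
        return "orphaned: registered IE component whose file is gone"
    # Trusted Zone additions lower IE's security settings for that site.
    if section == "O15":
        return "trusted-zone: site granted relaxed IE security settings"
    # DPF entries reference ActiveX controls that were downloaded from a URL.
    if section == "O16":
        return "dpf: ActiveX control download reference"
    # A BHO with no display name is not malicious by itself (Spybot's SDHelper
    # is one), but its publisher should be verified.
    if section == "O2" and body.startswith("BHO: (no name)"):
        return "unnamed-bho: BHO without a display name, verify publisher"
    return None


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return the entries that merit review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HJT_LINE.match(line)
        if not match:
            continue  # process list, headers and blank lines are not entries
        reason = classify(match["section"], match["body"])
        if reason:
            findings.append(Finding(match["section"], reason, line))
    return findings


def summarize(findings) -> dict:
    """Count findings by category (the part of the reason before the colon)."""
    counts = {}
    for f in findings:
        category = f.reason.split(":", 1)[0]
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(summarize(results))
```

Run against the constructed sample, `triage` returns six findings: three orphaned entries (the two missing BHO DLLs and the toolbar with no file), one Trusted Zone addition, one DPF entry, and the unnamed Spybot BHO as a verify-publisher note; the Acrobat BHO, the O4 autorun and the Sophos service pass through untouched. The point of keeping the output as review candidates rather than a verdict is the same one the thread follows: a helper reads the full log before anything is ticked for FIX CHECKED.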

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:12 PM

Posted 18 August 2007 - 09:40 AM

Since this issue appears to be resolved, this Topic has been closed. Should you need this Topic reopened, please PM a Staff member. :thumbsup:
Hi there, stranger!
