
Pcsecuritylab Help?


5 replies to this topic

#1 Truss


Posted 20 August 2007 - 12:24 PM

Not sure what's going on, but I knew something was up when my computer started shutting itself down.
I keep getting redirected to Pcsecuritylab/some fake spyware site.

Here's my log, thanks for any and all help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:10 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\taskmgr.exe
E:\WINDOWS\system32\DeltTray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Comodo\Firewall\CPF.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\taskmgr.exe
E:\WINDOWS\explorer.exe
E:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
E:\Documents and Settings\chappuh\Desktop\HiJackThis_v2.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\chappuh\Desktop\HiJackThis.exe

F3 - REG:win.ini: load=E:\WINDOWS\taskmgr.exe
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: msscds32.msdn_hlp - {ED3912DF-EE05-4242-89D9-D31EFE9D4AF4} - E:\WINDOWS\system32\msscds32.dll
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNM] E:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RogueMonitor] E:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Startup: TA_Start.lnk = E:\Documents and Settings\chappuh\Local Settings\Temp\thinksnet.exe
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe

--
End of file - 6148 bytes


#2 RichieUK

  • Malware Assassin
  • Malware Response Team

Posted 20 August 2007 - 02:36 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Truss :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 Truss

  • Topic Starter

Posted 20 August 2007 - 05:29 PM

Thanks Ritchie!

The Combofix log is as follows

ComboFix 07-08-17.2 - "chappuh" 2007-08-20 17:02:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\DOCUME~1\chappuh\STARTM~1\Programs\Startup.\TA_Start.lnk
E:\WINDOWS\180ax.exe
E:\WINDOWS\2020search.dll
E:\WINDOWS\2020search2.dll
E:\WINDOWS\764.exe
E:\WINDOWS\7search.dll
E:\WINDOWS\bi.dll
E:\WINDOWS\biprep.exe
E:\WINDOWS\bjam.dll
E:\WINDOWS\bokja.exe
E:\WINDOWS\cdsm32.dll
E:\WINDOWS\flt.dll
E:\WINDOWS\mspphe.dll
E:\WINDOWS\mssvr.exe
E:\WINDOWS\pbar.dll
E:\WINDOWS\saiemod.dll
E:\WINDOWS\salm.exe
E:\WINDOWS\satmat.exe
E:\WINDOWS\stcloader.exe
E:\WINDOWS\swin32.dll
E:\WINDOWS\system32\drivers\alert_icon.gif
E:\WINDOWS\system32\drivers\blank.gif
E:\WINDOWS\system32\drivers\box_1.gif
E:\WINDOWS\system32\drivers\box_2.gif
E:\WINDOWS\system32\drivers\box_3.gif
E:\WINDOWS\system32\drivers\button_buynow.gif
E:\WINDOWS\system32\drivers\button_freescan.gif
E:\WINDOWS\system32\drivers\close_icon.gif
E:\WINDOWS\system32\drivers\detect.htm
E:\WINDOWS\system32\drivers\download_box.gif
E:\WINDOWS\system32\drivers\footer_back.jpg
E:\WINDOWS\system32\drivers\header_1.gif
E:\WINDOWS\system32\drivers\header_2.gif
E:\WINDOWS\system32\drivers\header_3.gif
E:\WINDOWS\system32\drivers\header_4.gif
E:\WINDOWS\system32\drivers\header_bg.gif
E:\WINDOWS\system32\drivers\icon_warning.gif
E:\WINDOWS\system32\drivers\infected.gif
E:\WINDOWS\system32\drivers\main_back.gif
E:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
E:\WINDOWS\system32\drivers\product_1_header.gif
E:\WINDOWS\system32\drivers\product_1_name_small.gif
E:\WINDOWS\system32\drivers\product_2_header.gif
E:\WINDOWS\system32\drivers\product_2_name_small.gif
E:\WINDOWS\system32\drivers\product_3_header.gif
E:\WINDOWS\system32\drivers\product_3_name_small.gif
E:\WINDOWS\system32\drivers\product_features.gif
E:\WINDOWS\system32\drivers\pt.htm
E:\WINDOWS\system32\drivers\remove_spyware_button.gif
E:\WINDOWS\system32\drivers\s_detect.htm
E:\WINDOWS\system32\drivers\secuity_center_logo.gif
E:\WINDOWS\system32\drivers\sep_hor.gif
E:\WINDOWS\system32\drivers\sep_vert.gif
E:\WINDOWS\system32\drivers\shadow.jpg
E:\WINDOWS\system32\drivers\spacer.gif
E:\WINDOWS\system32\drivers\spy_away_box.jpg
E:\WINDOWS\system32\drivers\star.gif
E:\WINDOWS\system32\drivers\star_gray.gif
E:\WINDOWS\system32\drivers\star_gray_small.gif
E:\WINDOWS\system32\drivers\star_small.gif
E:\WINDOWS\system32\drivers\style.css
E:\WINDOWS\system32\drivers\v.gif
E:\WINDOWS\system32\drivers\warning_icon.gif
E:\WINDOWS\system32\drivers\win_logo.gif
E:\WINDOWS\system32\drivers\x.gif
E:\WINDOWS\system32\gtv_sd.bin
E:\WINDOWS\system32\KB06650816.exe
E:\WINDOWS\system32\KB13409011.exe
E:\WINDOWS\system32\KB32129561.exe
E:\WINDOWS\system32\KB36591906.exe
E:\WINDOWS\system32\KB37544455.exe
E:\WINDOWS\system32\KB48801150.exe
E:\WINDOWS\system32\KB52967874.exe
E:\WINDOWS\system32\KB61441056.exe
E:\WINDOWS\system32\KB73598442.exe
E:\WINDOWS\system32\KB73835204.exe
E:\WINDOWS\system32\KB79655920.exe
E:\WINDOWS\system32\KB94461541.exe
E:\WINDOWS\system32\KB95332196.exe
E:\WINDOWS\system32\lanmandrv.sys
E:\WINDOWS\system32\lanmanwrk.exe
E:\WINDOWS\system32\msbind32.exe
E:\WINDOWS\system32\msixu.dll
E:\WINDOWS\system32\msnav32.ax
E:\WINDOWS\system32\msscds32.dll
E:\WINDOWS\system32\ocxapi.dll
E:\WINDOWS\system32\ocxloader.exe
E:\WINDOWS\system32\qmdbbhho.exe
E:\WINDOWS\system32\qmopt.dll
E:\WINDOWS\system32\vxddsk.exe
E:\WINDOWS\system32\wer8274.dll
E:\WINDOWS\system32\wml.exe
E:\WINDOWS\taskmgr.exe
E:\WINDOWS\temp\salm.exe
E:\WINDOWS\updatetc.exe
E:\WINDOWS\voiceip.dll
E:\WINDOWS\vxddsk.exe
E:\WINDOWS\wml.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_LANMANDRV
-------\lanmandrv


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-20 12:13 <DIR> d-------- E:\Program Files\RogueRemover PRO
2007-08-20 12:01 7,031 --a------ E:\WINDOWS\system32\ielog.dll
2007-08-20 10:58 434 --a------ E:\WINDOWS\system32\iebdfex.dll
2007-08-20 10:43 <DIR> d--h----- E:\WINDOWS\system32\GroupPolicy
2007-08-19 21:35 4 --a------ E:\WINDOWS\system32\stfv.bin
2007-08-19 21:28 73 --a------ E:\WINDOWS\system32\ierql.dll
2007-08-19 21:28 7,753 --a------ E:\WINDOWS\system32\iefpmod.dll
2007-08-19 21:28 4 --a------ E:\WINDOWS\system32\iebudata.dll
2007-08-19 21:28 302 --a------ E:\WINDOWS\system32\iehrdata.dll
2007-08-19 21:28 105 --a------ E:\WINDOWS\system32\qshl.dll
2007-08-19 12:02 13,697 --a------ E:\DOCUME~1\chappuh\ie_update3r.exe
2007-08-18 18:35 <DIR> d-------- E:\Program Files\eMusic Download Manager
2007-08-18 18:34 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\InstallShield
2007-08-18 15:32 <DIR> d-------- E:\Program Files\Common Files\SWF Studio
2007-07-31 19:19 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\Comodo
2007-07-31 19:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-07-31 19:16 <DIR> d-------- E:\Program Files\Comodo
2007-07-31 15:49 51,200 --a------ E:\WINDOWS\nircmd.exe
2007-07-31 10:34 <DIR> d-------- E:\Program Files\Trend Micro
2007-07-31 10:27 76,560 --a------ E:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-30 16:57 10,872 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-30 10:20 <DIR> d-------- E:\Program Files\SUPERAntiSpyware
2007-07-30 10:20 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\SUPERAntiSpyware.com
2007-07-30 10:20 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-29 02:09 <DIR> d-------- E:\WINDOWS\system32\appmgmt
2007-07-28 18:40 512,096 --a------ E:\WINDOWS\system32\drivers\amon.sys
2007-07-28 18:40 298,104 --a------ E:\WINDOWS\system32\imon.dll
2007-07-28 18:40 15,424 --a------ E:\WINDOWS\system32\drivers\nod32drv.sys
2007-07-28 18:10 <DIR> d-------- E:\DOCUME~1\chappuh\.housecall6.6
2007-07-28 17:50 1,152 --a------ E:\WINDOWS\system32\windrv.sys
2007-07-28 17:50 <DIR> d-------- E:\Program Files\Common Files\Download Manager
2007-07-27 17:55 3,176 --a------ E:\WINDOWS\system32\tmp.reg
2007-07-27 17:54 53,248 --a------ E:\WINDOWS\system32\Process.exe
2007-07-27 17:54 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
2007-07-27 17:54 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
2007-07-27 17:53 786,432 --ah----- E:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-27 17:01 <DIR> d-a------ E:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-26 17:48 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\vlc
2007-07-26 17:45 <DIR> d-------- E:\Program Files\VideoLAN
2007-07-21 20:53 5,632 --a------ E:\WINDOWS\system32\ptpusb.dll
2007-07-21 20:53 159,232 --a------ E:\WINDOWS\system32\ptpusd.dll
2007-07-21 20:53 15,104 --a------ E:\WINDOWS\system32\drivers\usbscan.sys
2007-07-21 20:48 20 ---h----- E:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLec.DAT
2007-07-21 20:47 <DIR> d-------- E:\Program Files\PictureProject In Touch Downloader
2007-07-21 20:46 <DIR> d-------- E:\Program Files\MSXML 4.0
2007-07-21 20:45 974,848 --a------ E:\WINDOWS\system32\mfc70.dll
2007-07-21 20:45 765,952 --a------ E:\WINDOWS\system32\msvcp71d.dll
2007-07-21 20:45 76,800 -ra------ E:\WINDOWS\system32\RedEye.dll
2007-07-21 20:45 544,768 --a------ E:\WINDOWS\system32\msvcr71d.dll
2007-07-21 20:45 5,709,824 -ra------ E:\WINDOWS\system32\NkNEFPlugin.dll
2007-07-21 20:45 499,712 --a------ E:\WINDOWS\system32\msvcp71.dll
2007-07-21 20:45 495,616 -ra------ E:\WINDOWS\system32\DRAGNKL1.dll
2007-07-21 20:45 48,128 -ra------ E:\WINDOWS\system32\picn20.dll
2007-07-21 20:45 20 ---h----- E:\DOCUME~1\ALLUSE~1\APPLIC~1\PKP_DLds.DAT
2007-07-21 20:45 2,179,072 --a------ E:\WINDOWS\system32\mfc71d.dll
2007-07-21 20:45 180,224 -ra------ E:\WINDOWS\system32\Strato4.dll
2007-07-21 20:45 180,224 -ra------ E:\WINDOWS\system32\picn1120.dll
2007-07-21 20:45 155,648 -ra------ E:\WINDOWS\system32\picn1020.dll
2007-07-21 20:45 110,592 -ra------ E:\WINDOWS\system32\RCSigProc.dll
2007-07-21 20:45 106,496 --------- E:\WINDOWS\system32\ATL71.DLL
2007-07-21 20:45 1,060,864 --a------ E:\WINDOWS\system32\MFC71.dll
2007-07-21 20:45 <DIR> d-------- E:\Program Files\Nikon
2007-07-21 20:45 <DIR> d-------- E:\Program Files\Common Files\muvee Technologies
2007-07-21 20:45 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\Nikon
2007-07-21 20:45 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
2007-07-21 20:45 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
2007-07-21 20:45 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
2007-07-21 20:41 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\ArcSoft
2007-07-21 20:38 212,480 --a------ E:\WINDOWS\PCDLIB32.DLL
2007-07-21 20:38 <DIR> d-------- E:\Program Files\Common Files\Nikon
2007-07-21 20:38 <DIR> d-------- E:\Program Files\ArcSoft
2007-07-21 19:35 <DIR> d-------- E:\Program Files\Joost
2007-07-21 19:35 <DIR> d-------- E:\DOCUME~1\chappuh\APPLIC~1\Joost


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-20 12:13 2014 -r-h----- E:\WINDOWS\system32\drivers\hosts
2007-08-18 18:35 --------- d--h----- E:\Program Files\InstallShield Installation Information
2007-08-18 18:12 --------- d-------- E:\Program Files\Winamp
2007-08-18 17:23 73 --a------ E:\WINDOWS\system32\ssprs.dll
2007-08-18 17:23 205 --a------ E:\WINDOWS\system32\lsprst7.dll
2007-08-18 15:45 --------- d-------- E:\Program Files\BitTorrent
2007-08-08 21:23 --------- d-------- E:\DOCUME~1\chappuh\APPLIC~1\OpenOffice.org2
2007-07-31 19:12 --------- d-------- E:\DOCUME~1\chappuh\APPLIC~1\Lavasoft
2007-07-30 22:44 --------- d-------- E:\DOCUME~1\chappuh\APPLIC~1\BitTorrent
2007-07-29 23:13 --------- d-------- E:\DOCUME~1\chappuh\APPLIC~1\Publish Providers
2007-07-05 21:22 --------- d-------- E:\Program Files\Starcraft
2007-07-04 15:15 1025 --a------ E:\WINDOWS\system32\sysprs7.dll
2007-07-04 15:15 1025 --a------ E:\WINDOWS\system32\clauth2.dll
2007-07-04 15:15 1025 --a------ E:\WINDOWS\system32\clauth1.dll
2007-06-20 17:07 967 --a------ E:\WINDOWS\ScUnin.pif
2007-06-20 17:07 94208 --a------ E:\WINDOWS\ScUnin.exe
2007-06-09 22:09 82944 --a------ E:\WINDOWS\system32\usbkt1x1.dll
2007-06-09 22:09 724992 --a------ E:\WINDOWS\iun6002.exe
2007-05-24 17:36 14 --a------ E:\WINDOWS\system32\systeminfo3.dll
2007-05-24 17:35 81920 --a------ E:\DOCUME~1\chappuh\APPLIC~1\ezpinst.exe
2007-05-24 17:35 47360 --a------ E:\DOCUME~1\chappuh\APPLIC~1\pcouffin.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000026-8735-428D-B81F-DD098223B25F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{000006b1-19b5-414a-849f-2a3c64ae6939}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30000273-8230-4dd4-be4f-6889d1e74167}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40]
"DeltTray"="DeltTray.exe" [2004-08-27 00:43 E:\WINDOWS\system32\DeltTray.exe]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"H2O"="E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]
"ATICCC"="E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SNM"="E:\Program Files\SpyNoMore\SNM.exe" []
"nod32kui"="E:\Program Files\Eset\nod32kui.exe" [2007-07-28 18:39]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"COMODO Firewall Pro"="E:\Program Files\Comodo\Firewall\CPF.exe" [2007-07-31 19:16]
"Winmplayer"="E:\WINDOWS\system32\KB_963491.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-19 22:28]
"Aim6"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 14:32]
"RogueMonitor"="E:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe" [2007-07-16 22:06]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - E:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-21 20:45:26]

R0 Gws66;Gws66;E:\WINDOWS\system32\drivers\Gws66.sys
R2 Nsynas32;Nsynas32;E:\WINDOWS\system32\drivers\Nsynas32.sys
R3 CLEDX;Team H2O CLEDX service;E:\WINDOWS\system32\DRIVERS\cledx.sys
R3 USBKT1X1;M-Audio USB Keystation;E:\WINDOWS\system32\drivers\usbkt1x1.sys
S3 UKS11LDR;M-Audio USB Keystation Loader;E:\WINDOWS\system32\drivers\uks11ldr.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 17:09:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

E:\WINDOWS\system32\drivers\Gws66.sys
E:\WINDOWS\system32\drivers\symavc32.sys

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-08-20 17:11:24 - machine was rebooted
E:\ComboFix-quarantined-files.txt ... 2007-08-20 17:11
E:\ComboFix2.txt ... 2007-07-31 15:52

--- E O F ---



And here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:40 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\DeltTray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Comodo\Firewall\CPF.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\chappuh\Desktop\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNM] E:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Winmplayer] "E:\WINDOWS\system32\KB_963491.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RogueMonitor] E:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe

--
End of file - 5917 bytes

#4 RichieUK

  • Malware Assassin
  • Malware Response Team

Posted 20 August 2007 - 05:59 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O4 - HKLM\..\Run: [Winmplayer] "E:\WINDOWS\system32\KB_963491.exe"
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log.
Let me know how your pc is running now.
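
The fix list above is the result of reading the HijackThis log by hand: every O2 BHO whose DLL is gone, every wildcard Trusted Zone entry for a rogue-antispyware vendor, a Run entry in system32 dressed up as a Microsoft hotfix, and a start page the hijacker blanked. The Python script below is an added example, not part of this thread and not part of HijackThis; it encodes that reading as rules and runs them over lines copied from the logs posted above. The rogue-domain list is just the seven O15 hosts Richie had removed, the `KBnnnnnn.exe` autostart check and the `win.ini load=` check are my own heuristics, and the `*.example.net` Trusted Zone line in the sample is constructed to show the weaker "review" verdict for a host that is not on the list.

```python
"""Rule-based triage of a HijackThis 2.x log.

Added example: not from the forum thread and not part of HijackThis.
SAMPLE_LOG is copied from the logs posted in the thread, except the
'*.example.net' Trusted Zone line, which is constructed to exercise the
'review' verdict.  The rule set mirrors what the helper fixed by hand.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section verdict line")

# The seven O15 hosts removed in the thread.  Any other wildcard Trusted
# Zone entry is still reported for review: legitimate software rarely adds one.
ROGUE_HOSTS = {
    "amaena.com", "errorprotector.com", "errorsafe.com", "systemdoctor.com",
    "winantispyware.com", "winantivirus.com", "winfixer.com",
}
# Heuristic (mine): Windows hotfixes do not register Run entries pointing at
# KBnnnnnn.exe-style files inside system32; the ComboFix log above shows
# thirteen such files being deleted.
FAKE_HOTFIX = re.compile(r"system32\\KB_?\d{5,}\.exe", re.IGNORECASE)
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def classify(line):
    """Return a Finding for a suspicious log line, or None if it looks benign."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O2" and body.endswith("- (no file)"):
        # CLSID still registered as a BHO but the DLL is gone: orphan left by a removal.
        return Finding(section, "orphaned BHO registration: fix", line)
    if section == "O15" and "Trusted Zone:" in body:
        host = body.split("Trusted Zone:", 1)[1].strip().lstrip("*.")
        if host in ROGUE_HOSTS:
            return Finding(section, "rogue-AV vendor in Trusted Zone: fix", line)
        return Finding(section, "unexpected Trusted Zone entry: review", line)
    if section == "O4" and FAKE_HOTFIX.search(body):
        return Finding(section, "hotfix-named autostart in system32: fix", line)
    if section == "F3" and "load=" in body:
        # win.ini load= is a legacy autostart hook; it should be empty on XP.
        return Finding(section, "win.ini load= autostart: fix", line)
    if section in ("R0", "R1") and body.rstrip().endswith("about:blank"):
        return Finding(section, "start page blanked by hijacker: fix", line)
    return None


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f]


def fix_list(findings):
    """Lines to tick under 'Fix checked' in HijackThis (verdicts ending in 'fix')."""
    return [f.line for f in findings if f.verdict.endswith(": fix")]


SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F3 - REG:win.ini: load=E:\WINDOWS\taskmgr.exe
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Winmplayer] "E:\WINDOWS\system32\KB_963491.exe"
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.example.net
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<5}{f.verdict:<42}{f.line}")
```

The rules are deliberately narrow: an O2 entry with a real DLL path (the Adobe helper, the Java SSV helper) and a Run entry in Program Files are left alone, because the point of this style of triage is to produce a list a helper can paste back as "fix these", not to second-guess every line. Anything the rules do not recognise still has to be read by a human, exactly as Richie did with the ComboFix output.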

#5 Truss

  • Topic Starter

Posted 20 August 2007 - 06:44 PM

Here is the bitdefender log:

//-----------------------------------------------------------------
//
// Product BitDefender Antivirus v10
// Product 10.2
//
// Created on: 20/08/2007 18:15:35
//
//-----------------------------------------------------------------

Virus Statistics
Scan path : E:\WINDOWS E:\Program Files
Folders : 3892
Files : 97632
Memory processes scanned : 0
Archives : 0
Runtime packers : 6777
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 1
I/O errors : 0
Scan time : 00:14:43
Scan speed (files/sec) : 110
Virus definitions : 532320
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options
Detection
[X] Scan boot sectors
[ ] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[X] Programs
[ ] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[ ] Enable heuristics
[ ] Show all files in log
[X] Report file: E:\DOCUME~1\chappuh\LOCALS~1\Temp\1187651735.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[ ] Registry keys
[ ] Cookies

Summary:
E:\WINDOWS\Downloaded Program Files\HGStart9USA.exe Infected: Trojan.Dloader.BAK
E:\WINDOWS\Downloaded Program Files\HGStart9USA.exe Disinfection failed
E:\WINDOWS\Downloaded Program Files\HGStart9USA.exe Moved

and here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:14 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\DeltTray.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Softwin\BitDefender10\vsserv.exe
E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
E:\Program Files\Softwin\BitDefender10\bdagent.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Comodo\Firewall\cpf.exe
E:\Documents and Settings\chappuh\Desktop\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ATICCC] "E:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SNM] E:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BDMCon] "E:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "E:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RogueMonitor] E:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 4939 bytes


Looks like everything's running smoothly now. I haven't had the warnings I had before and opening IE didn't redirect me.

Thanks again Ritchie!!

Edited by Truss, 20 August 2007 - 06:45 PM.
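A small triage helper for the HijackThis log format posted above, added here as an example and not part of the thread, of HijackThis, or of any scanner mentioned in it: it splits the `Oxx - ...` lines into entries and lists the ones a human reviewer usually wants to look at first (O16 downloaded ActiveX controls, like the one whose file BitDefender quarantined, O23 services with no publisher, and O4 startup entries whose executable lives off the system drive). The sample lines are constructed from entries in the log, the system drive letter (E:) and the three flagging rules are assumptions, not HijackThis's own analysis.

```python
import re
from dataclasses import dataclass

# Constructed sample, using the line shapes seen in the thread's HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SNM] E:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
"""

@dataclass
class Entry:
    section: str  # "O4", "O16", "O23", ...
    body: str     # everything after "Oxx - "

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)

def parse_hjt(text):
    """Split HijackThis 'Oxx - ...' lines into Entry objects; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries

def review(entries, system_drive="E:"):
    """Heuristic triage (assumed rules, not HijackThis's own analysis).
    Returns (kind, detail) tuples for a human to look at."""
    findings = []
    for e in entries:
        if e.section == "O4":  # registry Run entries: [name] command
            m = O4_RE.match(e.body)
            exe = EXE_RE.match(m.group("cmd")) if m else None
            if exe and not exe.group("path").upper().startswith(system_drive.upper()):
                findings.append(("O4-off-system-drive", m.group("name")))
        elif e.section == "O16":  # DPF: ActiveX controls fetched into Downloaded Program Files
            cls = re.search(r"\((.*?)\)", e.body)
            findings.append(("O16-downloaded-activex", cls.group(1) if cls else e.body))
        elif e.section == "O23" and "Unknown owner" in e.body:  # services with no publisher
            findings.append(("O23-unknown-owner", e.body.split(" - ")[0].replace("Service: ", "")))
    return findings

if __name__ == "__main__":
    for kind, detail in review(parse_hjt(SAMPLE_LOG)):
        print(f"{kind}: {detail}")
```

The O4 drive check is only a prompt for review: on this machine Windows lives on E:, so a Run entry pointing at C: is worth a look, not automatically bad.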


#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:11:44 AM

Posted 20 August 2007 - 06:53 PM

Your log is clean :thumbsup:
If all's OK, please do the following.

Find and delete:
Combofix.exe
C:\Qoobox

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

---------------------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html