
Winantispyware, Trojan.agent.aoy, Retadpu77.exe


  • This topic is locked
15 replies to this topic

#1 bleepedindeed
  • Members
  • 46 posts

Posted 19 September 2007 - 01:34 AM

This all seemed to come from a joke site. I had my pop-up blocker off because I had been playing at Pogo. IE will not do a Google or Yahoo; the window just closes. Outerinfo pop-ups disrupt anything you do, alternating with the opportunity to install WinAntiSpyware, like that will help. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18, on 2007-09-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\svhost.exe
C:\Program Files\WinAntiSpyware 2007\was7.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe
C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe
C:\Program Files\ISM\ISMModule4.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\downloads\hijackthis\HiJackThis.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [Tmuo] "C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Ynds] "C:\Program Files\??crosoft.NET\r?ndll32.exe"
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [Gedopdn] "C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe"
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ufqu] C:\Program Files\InetGet2\stub109_4_0_4_0.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RG91Zw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

--
End of file - 6905 bytes
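
The O4 autorun entries in the log above are what a helper reads first to spot the infection: a file named like a Windows binary but spelled differently (svhost.exe next to the real svchost.exe), paths in which HijackThis prints non-ASCII look-alike characters as "?" (the "?racle" and "??crosoft.NET" folders), a system binary name such as msconfig.exe running from the user profile, and an executable launched with a long opaque hex argument. As an added example that is not part of this thread or of HijackThis, here is a small Python triage script that applies those four heuristics to constructed sample lines modelled on the log. The list of imitated system binaries, the user-writable path fragments and the edit-distance rule are my own assumptions, not HijackThis features.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines modelled on the O4 entries in the HijackThis log above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe',
    r'O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"',
    r'O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A',
    r'O4 - HKCU\..\Run: [Tmuo] "C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Ynds] "C:\Program Files\??crosoft.NET\r?ndll32.exe"',
    r'O4 - HKCU\..\Run: [Gedopdn] "C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe"',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
]

# One HijackThis O4 line: hive, Run value name in brackets, then the command line.
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Windows binaries whose names the entries in this thread imitate (assumed list; extend as needed).
SYSTEM_BINARIES = {"svchost.exe", "rundll32.exe", "regsvr32.exe", "lsass.exe",
                   "winlogon.exe", "explorer.exe", "msconfig.exe"}

# Lower-case path fragments that a Run entry should normally not point into (assumed list).
USER_WRITABLE = ("application data", "docume~1", "documents and settings", "\\temp\\")


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (image path, arguments); quoted paths may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.search(r'\.exe', cmd, re.IGNORECASE)  # unquoted: cut after the first .exe
    if m:
        return cmd[:m.end()], cmd[m.end():].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Return {Run value name: [reasons]} for every O4 entry that trips a heuristic."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        path, args = split_command(m.group("cmd"))
        base = path.rsplit("\\", 1)[-1].lower()
        lower_path = path.lower()
        reasons: List[str] = []
        # HijackThis renders non-ASCII characters as '?', so a '?' marks a look-alike name.
        if "?" in path:
            reasons.append("non-ASCII character in path (HijackThis prints it as '?')")
        # A name one edit away from a real system binary is a classic masquerade.
        for legit in sorted(SYSTEM_BINARIES):
            if base != legit and edit_distance(base, legit) == 1:
                reasons.append(f"filename imitates {legit}")
        # A genuine system binary name running from outside the Windows directory.
        if base in SYSTEM_BINARIES and "\\windows\\" not in lower_path:
            reasons.append("system binary name outside the Windows directory")
        if any(frag in lower_path for frag in USER_WRITABLE):
            reasons.append("image in a user-writable location")
        # An argument that is nothing but a long hex blob usually carries a key or campaign id.
        if re.fullmatch(r"[0-9A-Fa-f]{32,}", args):
            reasons.append("long opaque hex argument")
        if reasons:
            findings[m.group("name")] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_O4_LINES).items():
        print(f"[{name}] " + "; ".join(reasons))
```

Run on the sample, the script flags svhost, runner1, Tmuo, Ynds and Gedopdn and leaves the ATI and Messenger entries alone. The heuristics are deliberately loose (a "\temp\" fragment also matches any folder that starts with that name), so the output is a triage list for a human to confirm, not a verdict.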


#2 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 19 September 2007 - 02:10 AM

Hello,

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

Avira, AVG OR Avast are good FREE antivirus.
Never install more than one antivirus scanner! Several together can give problems and seriously decrease their reliability!

Reboot your computer afterwards.
After reboot, perform a full scan with your Antivirus and let it remove anything it finds. Then reboot once again in order to delete files that were in use previously.

Post a new HijackThis log in your next reply - then we'll start from there, because it really makes no sense otherwise for us to clean this up manually if no Antivirus scanner is present, which should be able to deal with most of it and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 bleepedindeed
  • Topic Starter
  • Members
  • 46 posts

Posted 19 September 2007 - 04:00 AM

Using AVG, it does not show? It is working.

#4 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 19 September 2007 - 05:02 AM

Hi,

Just post a new HijackThis log please.

#5 bleepedindeed
  • Topic Starter
  • Members
  • 46 posts

Posted 19 September 2007 - 04:53 PM

Okay.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51, on 2007-09-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\svhost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe
C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\downloads\hijackthis\HiJackThis.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [Tmuo] "C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe" -vt yazb
O4 - HKCU\..\Run: [Ynds] "C:\Program Files\??crosoft.NET\r?ndll32.exe"
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [Gedopdn] "C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ufqu] C:\Program Files\InetGet2\stub109_4_0_4_0.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\nluvjrvr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6877 bytes

#6 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 20 September 2007 - 12:49 AM

> Using AVG, it does not show? It is working.

Hi,

I don't see that you have installed an Antivirus though. You have AVG Anti-Spyware, which is not an Antivirus but an Antispyware scanner. This is a big difference.
So please install one of the Antivirus programs from the links I posted previously and let it perform a full scan and reboot afterwards. Because as long as there's no Antivirus present, nothing will prevent a reinfection, so if we start removal, it will all be back again.

Then post a new HijackThis log in your next reply after you have performed a full scan with your Antivirus.

#7 bleepedindeed
  • Topic Starter
  • Members
  • 46 posts

Posted 21 September 2007 - 02:08 AM

Sorry, thought it was antivirus. I installed AVG, ran it - still infected. Went back to square 1, tried clean mgr, Ad-Aware, etc. Used BitDefender - had to uninstall AVG AV. I have some undeletable unmovables: Adware Purity Scan BH, Adware TTC, and Adware TTC.B. The damn Outerinfo popups continue, and everything is reaaaaal sloooow. Current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:00, on 2007-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe
C:\Program Files\Insider\Insider.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\downloads\hijackthis\HiJackThis.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\icrvwtsd.dll",sitypnow
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [Ynds] "C:\Program Files\??crosoft.NET\r?ndll32.exe"
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [Gedopdn] "C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [ufqu] C:\Program Files\InetGet2\stub109_4_0_4_0.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7166 bytes

#8 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 21 September 2007 - 07:46 AM

Hi,

Now since there's an Antivirus present, we can properly proceed.

First of all - I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup

I also suggest you temporarily disable your BitDefender, because BitDefender locks the malware-related files, so our next tool won't be able to delete them if they are locked by BitDefender.

Then, after you have disabled TeaTimer and BitDefender..

* Download Combofix to your desktop.
In case you already used Combofix previously, please delete the version you have and redownload it, because Combofix is updated every day.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), Combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

#9 bleepedindeed
  • Topic Starter
  • Members
  • 46 posts

Posted 21 September 2007 - 06:20 PM

I see no "allow change" screen to disable TeaTimer. You guys have the patience of saints to deal with this garbage all of the time. Not the pop-up, but on the S & D GUI. I am starting to consider a format reinstall. This happened because an old hard drive lost the file system.

#10 miekiemoes
    Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 22 September 2007 - 12:40 AM

Hi,

You only have to disable TeaTimer and then run Combofix.

#11 bleepedindeed
  • Topic Starter
  • Members
  • 46 posts

Posted 22 September 2007 - 06:24 AM

How to disable TeaTimer?
Uncheck the boxes, then what? I see no save, apply, or anything. Close the window? Last night I uninstalled S & D, disabled BitDefender (by not having it start on startup) and rebooted. I posted the logs, but they are not here. So:

ComboFix 07-09-21.2 - "Doug" 2007-09-21 19:33:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.680 [GMT -4:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\D.tmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\Doug\APPLIC~1\DOBE~1
C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\?dobe\
C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe
C:\DOCUME~1\Doug\APPLIC~1\Microsoft\25319.dat
C:\DOCUME~1\Doug\APPLIC~1\RACLE~1
C:\DOCUME~1\Doug\APPLIC~1\RACLE~1\r?gsvr32.exe
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\svhost
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\sembly~1
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\drivers\RKT44.sys
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\gebbyax.dll
C:\WINDOWS\system32\H2
C:\WINDOWS\system32\hncchbof.exe
C:\WINDOWS\system32\pmohhupw.exe
C:\WINDOWS\system32\qfeerjqg.exe
C:\WINDOWS\system32\qrqss.bak1
C:\WINDOWS\system32\qrqss.bak2
C:\WINDOWS\system32\qrqss.ini
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\system32\trybdcrb.exe
C:\WINDOWS\system32\wnsapii.exe
C:\WINDOWS\system32\yvmshhjn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_POOF
-------\LEGACY_RKT44
-------\LEGACY_SMTPDRV
-------\DomainService
-------\smtpdrv


((((((((((((((((((((((((( Files Created from 2007-08-21 to 2007-09-21 )))))))))))))))))))))))))))))))
.

2007-09-21 19:23 87,616 --a------ C:\WINDOWS\system32\gauptsrh.dll
2007-09-21 19:23 2,009,587 --ahs---- C:\WINDOWS\system32\abeeg.bak2
2007-09-21 18:09 311,904 --a------ C:\WINDOWS\system32\geeba.dll
2007-09-21 18:09 2,004,676 --ahs---- C:\WINDOWS\system32\abeeg.bak1
2007-09-20 21:38 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Bitdefender
2007-09-20 21:28 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-20 21:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-09-20 20:44 306,784 --a------ C:\WINDOWS\system32\mlljj.dll
2007-09-20 20:44 2,005,778 --ahs---- C:\WINDOWS\system32\jjllm.bak1
2007-09-20 20:02 83,008 --a------ C:\WINDOWS\system32\dpyyddjy.dll
2007-09-20 20:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-20 20:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-20 19:59 2,007,697 --ahs---- C:\WINDOWS\system32\ututv.bak2
2007-09-20 18:34 83,008 --a------ C:\WINDOWS\system32\rptfwqec.dll
2007-09-20 18:25 306,784 --a------ C:\WINDOWS\system32\vtutu.dll
2007-09-20 18:25 2,005,778 --ahs---- C:\WINDOWS\system32\ututv.bak1
2007-09-19 03:43 <DIR> d-------- C:\Program Files\QuickTime
2007-09-19 03:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-19 03:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-19 03:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-18 19:02 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-18 01:18 2,031,656 --ahs---- C:\WINDOWS\system32\hjkkj.bak1
2007-09-16 23:42 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Talkback
2007-09-16 23:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-16 23:32 2,005,242 --ahs---- C:\WINDOWS\system32\hjkkj.ini2
2007-09-16 12:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-16 10:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-09-16 10:23 <DIR> d-------- C:\VundoFix Backups
2007-09-16 09:28 <DIR> d-------- C:\Program Files\Common Files\Update
2007-09-16 09:23 2,004,069 --ahs---- C:\WINDOWS\system32\hjkkj.bak2
2007-09-16 09:15 <DIR> d--hs---- C:\WINDOWS\RG91Zw
2007-09-16 09:15 <DIR> d-------- C:\WINDOWS\system32\GRB3
2007-09-16 09:15 <DIR> d-------- C:\WINDOWS\system32\DLL2
2007-09-16 09:15 <DIR> d-------- C:\WINDOWS\system32\chks2
2007-09-16 09:15 <DIR> d-------- C:\Temp
2007-09-16 09:11 0 --a------ C:\systrct.exe
2007-09-12 04:34 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Download Manager
2007-09-11 02:56 <DIR> d-------- C:\WINDOWS\system32\fonts
2007-09-11 02:56 <DIR> d-------- C:\Sentryco
2007-09-11 02:56 <DIR> d-------- C:\Data
2007-09-10 05:39 <DIR> d-------- C:\PrograChoicesBU
2007-09-10 03:39 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Corel
2007-09-10 03:36 <DIR> d-------- C:\Program Files\WordPerfect Office 11
2007-09-10 03:36 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-09-09 18:41 <DIR> d-------- C:\Program Files\ScreenPrint
2007-09-09 05:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 04:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 16:46 <DIR> dr------- C:\DOCUME~1\Doug\APPLIC~1\Brother
2007-09-08 13:17 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\WinRAR
2007-09-05 18:23 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\CyberLink
2007-09-05 18:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-05 03:25 <DIR> d-------- C:\CHOICES
2007-09-05 03:02 80,880 --a------ C:\WINDOWS\unvise.exe
2007-09-05 03:01 204,800 --a------ C:\WINDOWS\system32\fppmon1.dll
2007-09-05 03:01 106,496 --a------ C:\WINDOWS\system32\fppr132.dll
2007-09-05 02:48 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\FileMaker
2007-09-05 02:47 <DIR> d-------- C:\Program Files\FileMaker
2007-09-04 03:06 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.DLL
2007-09-04 03:06 22,528 --a------ C:\WINDOWS\system32\reboin01.exe
2007-09-04 03:03 <DIR> d-------- C:\PROG
2007-09-03 15:14 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-03 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
2007-09-03 15:13 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-03 15:03 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Roxio
2007-09-03 10:24 <DIR> d---s---- C:\DOCUME~1\Doug\UserData
2007-09-02 18:19 99,328 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-09-02 18:19 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2007-09-02 18:19 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-09-02 18:19 28,164 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-09-02 18:19 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-09-02 18:19 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2007-09-02 18:19 105,472 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-09-02 18:19 <DIR> d-------- C:\Program Files\MUSICMATCH
2007-09-02 18:18 70,238 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2007-09-02 18:18 52,238 --a------ C:\WINDOWS\system32\drivers\L8042pr2.Sys
2007-09-02 18:18 41,420 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2007-09-02 18:18 4,524 --a------ C:\WINDOWS\system32\LCoInst.Dll
2007-09-02 18:18 23,838 --------- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
2007-09-02 18:18 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2007-09-02 18:18 152,064 --a------ C:\WINDOWS\system32\lmoufrc.dll
2007-09-02 18:18 14,156 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-09-02 18:18 12,640 --a------ C:\WINDOWS\system32\drivers\itchfltr.sys
2007-09-02 18:18 <DIR> d-------- C:\Program Files\Logitech
2007-09-02 18:18 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-02 15:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-02 15:49 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-09-02 15:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-02 15:46 <DIR> d-------- C:\WINDOWS\EHome
2007-09-02 06:30 <DIR> d-------- C:\downloads
2007-09-02 05:22 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-09-02 05:13 <DIR> d-------- C:\forms
2007-09-01 23:45 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000004-20021102}.dat
2007-09-01 23:45 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000009-00001102-00000004-20021102}.dat
2007-09-01 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-09-01 23:38 <DIR> d-------- C:\Program Files\Roxio
2007-09-01 23:38 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-09-01 23:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-09-01 23:34 803,680 --a------ C:\WINDOWS\system32\AXDIST.EXE
2007-09-01 23:34 635,152 --a------ C:\WINDOWS\system32\mapi32x.dll
2007-09-01 23:33 <DIR> d-------- C:\MyFiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 02:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 03:38 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-09 05:39 --------- d-------- C:\Program Files\Common Files\ATI
2007-09-01 23:22 --------- d-------- C:\Program Files\Creative
2007-09-01 19:43 --------- d-------- C:\DOCUME~1\Doug\APPLIC~1\Help
2007-09-01 19:41 --------- d-------- C:\Program Files\Gemstar
2007-09-01 19:41 --------- d-------- C:\Program Files\Common Files\Borland Shared
2007-09-01 19:40 --------- d-------- C:\Program Files\ATI Multimedia
2007-09-01 19:39 --------- d-------- C:\Program Files\Windows Media Components
2007-09-01 19:38 --------- d-------- C:\Program Files\Common Files\CyberLink
2007-09-01 19:37 --------- d-------- C:\Program Files\ATI Technologies
2007-09-01 19:33 --------- d-------- C:\DOCUME~1\Doug\APPLIC~1\InterTrust
2007-09-01 19:32 --------- d-------- C:\Program Files\ASUS
2007-09-01 19:11 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{124c21e1-4980-422c-97a5-cd60bb11171b}]
C:\WINDOWS\system32\ysnwfcj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A5E0856-FDCA-4012-9BFA-BE290402B82A}]
2007-09-21 18:09 311904 --a------ C:\WINDOWS\system32\geeba.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C4A8F8B-1A61-42C4-6725-4F71C4789FBC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594AFDA2-A51E-4605-91E6-7BC60445839D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F227995-F51B-4C2D-8A65-548A5FEB1063}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BD7EC55-9F64-416F-83E8-7260D29548A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72685034-8662-4F4F-B273-65D307705F4D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7683E416-8AF3-4F0D-B205-3B3FA06E6955}]
C:\WINDOWS\system32\jkkjh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC8FC7B-FE26-4E7C-AC48-564809A8A31E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD6E0AEA-1810-402E-A81B-F14734C494CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 11:31]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 02:57 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 15:36]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 19:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"pdfFactory Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-04-05 17:02]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-02-25 20:27]
"svhost"="C:\WINDOWS\svhost.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"SearchIndexer"="C:\WINDOWS\system32\gauptsrh.dll" [2007-09-21 19:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2003-12-03 07:17]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 16:35]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [2003-12-03 07:13]
"Ynds"="C:\Program Files\??crosoft.NET\r?ndll32.exe" []
"ISMModule3"="C:\Program Files\ISM\ISMModule3.exe" []
"Gedopdn"="C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56]
"Tmuo"="C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe" []

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-09 12:09:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ufqu"=C:\Program Files\InetGet2\stub109_4_0_4_0.exe
"WinAble"=C:\Program Files\WinAble\winable.exe

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 PCDCODEC;ATI WDM Specialized PCD Codec;C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\System32\drivers\PfModNT.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-19 07:43:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-21 19:38:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-21 19:40:30 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-21 19:40
C:\ComboFix2.txt ... 2007-09-09 05:50
.
--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:38 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\downloads\hijackthis\HiJackThis.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gauptsrh.dll",sitypnow
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [Ynds] "C:\Program Files\??crosoft.NET\r?ndll32.exe"
O4 - HKCU\..\Run: [ISMModule3] "C:\Program Files\ISM\ISMModule3.exe"
O4 - HKCU\..\Run: [Gedopdn] "C:\Documents and Settings\Doug\Application Data\?racle\r?gsvr32.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tmuo] "C:\DOCUME~1\Doug\APPLIC~1\DOBE~1\msconfig.exe" -vt ndrv
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6542 bytes

Now I have horntmatches popups

#12 miekiemoes


    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 22 September 2007 - 07:43 AM

Hi,

Please disable your Bitdefender again for next step.

Then, open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\gauptsrh.dll
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\dpyyddjy.dll
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\rptfwqec.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.bak2
C:\systrct.exe

Folder::
C:\WINDOWS\RG91Zw
C:\WINDOWS\system32\GRB3
C:\WINDOWS\system32\DLL2
C:\WINDOWS\system32\chks2
C:\Temp
C:\VundoFix Backups

DirLook::
C:\Program Files\Common Files\Update

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{124c21e1-4980-422c-97a5-cd60bb11171b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A5E0856-FDCA-4012-9BFA-BE290402B82A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C4A8F8B-1A61-42C4-6725-4F71C4789FBC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594AFDA2-A51E-4605-91E6-7BC60445839D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F227995-F51B-4C2D-8A65-548A5FEB1063}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BD7EC55-9F64-416F-83E8-7260D29548A2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72685034-8662-4F4F-B273-65D307705F4D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7683E416-8AF3-4F0D-B205-3B3FA06E6955}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC8FC7B-FE26-4E7C-AC48-564809A8A31E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD6E0AEA-1810-402E-A81B-F14734C494CA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svhost"=-
"SearchIndexer"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ynds"=-
"ISMModule3"=-
"Gedopdn"=-
"Tmuo"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ufqu"=-
"WinAble"=-


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 bleepedindeed

  • Topic Starter

  • Members
  • 46 posts

Posted 23 September 2007 - 07:10 AM

Okay. It was better yesterday, a lot fewer pop-ups - but more adult. I allowed everything that Spybot wanted to change, I think. There was one I did not get to answer before reboot, if it matters. So:

ComboFix 07-09-21.2 - "Doug" 2007-09-23 7:53:47.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.476 [GMT -4:00]
Command switches used :: C:\downloads\combofix\cfscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\gauptsrh.dll
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\dpyyddjy.dll
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\rptfwqec.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\hjkkj.bak2
C:\systrct.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\systrct.exe
C:\Temp
C:\VundoFix Backups
C:\WINDOWS\cookies.ini
C:\WINDOWS\RG91Zw
C:\WINDOWS\system32\abeeg.bak1
C:\WINDOWS\system32\abeeg.bak2
C:\WINDOWS\system32\abhgneyi.ini
C:\WINDOWS\system32\bdtrjxud.dll
C:\WINDOWS\system32\chks2
C:\WINDOWS\system32\chks2\MSI17bb.exe
C:\WINDOWS\system32\DLL2
C:\WINDOWS\system32\DLL2\MMEMDT83122.exe
C:\WINDOWS\system32\dpyyddjy.dll
C:\WINDOWS\system32\fcqmbbky.exe
C:\WINDOWS\system32\geeba.dll
C:\WINDOWS\system32\GRB3
C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak2
C:\WINDOWS\system32\hjkkj.ini2
C:\WINDOWS\system32\ifjqyqvf.dll
C:\WINDOWS\system32\ikuudfsn.exe
C:\WINDOWS\system32\iyenghba.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\rptfwqec.dll
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\vtutu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.

2007-09-22 22:06 1,217 --a------ C:\WINDOWS\checkip.dat
2007-09-20 21:38 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Bitdefender
2007-09-20 21:28 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-20 21:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-09-20 20:02 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-20 20:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 03:43 <DIR> d-------- C:\Program Files\QuickTime
2007-09-19 03:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-19 03:42 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-19 03:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-09-18 19:02 1,156 --a------ C:\WINDOWS\mozver.dat
2007-09-16 23:42 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Talkback
2007-09-16 23:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-16 12:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-16 10:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-09-16 09:28 <DIR> d-------- C:\Program Files\Common Files\Update
2007-09-12 04:34 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Download Manager
2007-09-11 02:56 <DIR> d-------- C:\WINDOWS\system32\fonts
2007-09-11 02:56 <DIR> d-------- C:\Sentryco
2007-09-11 02:56 <DIR> d-------- C:\Data
2007-09-10 05:39 <DIR> d-------- C:\PrograChoicesBU
2007-09-10 03:39 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Corel
2007-09-10 03:36 <DIR> d-------- C:\Program Files\WordPerfect Office 11
2007-09-10 03:36 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-09-09 18:41 <DIR> d-------- C:\Program Files\ScreenPrint
2007-09-09 05:47 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-09 04:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 16:46 <DIR> dr------- C:\DOCUME~1\Doug\APPLIC~1\Brother
2007-09-08 13:17 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\WinRAR
2007-09-05 18:23 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\CyberLink
2007-09-05 18:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-05 03:25 <DIR> d-------- C:\CHOICES
2007-09-05 03:02 80,880 --a------ C:\WINDOWS\unvise.exe
2007-09-05 03:01 204,800 --a------ C:\WINDOWS\system32\fppmon1.dll
2007-09-05 03:01 106,496 --a------ C:\WINDOWS\system32\fppr132.dll
2007-09-05 02:48 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\FileMaker
2007-09-05 02:47 <DIR> d-------- C:\Program Files\FileMaker
2007-09-04 03:06 72,704 --a------ C:\WINDOWS\system32\ODBCTL32.DLL
2007-09-04 03:06 22,528 --a------ C:\WINDOWS\system32\reboin01.exe
2007-09-04 03:03 <DIR> d-------- C:\PROG
2007-09-03 15:14 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-03 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
2007-09-03 15:13 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-03 15:03 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Roxio
2007-09-03 10:24 <DIR> d---s---- C:\DOCUME~1\Doug\UserData
2007-09-02 18:19 99,328 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2007-09-02 18:19 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2007-09-02 18:19 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2007-09-02 18:19 28,164 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-09-02 18:19 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2007-09-02 18:19 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2007-09-02 18:19 105,472 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2007-09-02 18:19 <DIR> d-------- C:\Program Files\MUSICMATCH
2007-09-02 18:18 70,238 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2007-09-02 18:18 52,238 --a------ C:\WINDOWS\system32\drivers\L8042pr2.Sys
2007-09-02 18:18 41,420 --------- C:\WINDOWS\system32\drivers\Lhidusb.sys
2007-09-02 18:18 4,524 --a------ C:\WINDOWS\system32\LCoInst.Dll
2007-09-02 18:18 23,838 --------- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS
2007-09-02 18:18 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2007-09-02 18:18 152,064 --a------ C:\WINDOWS\system32\lmoufrc.dll
2007-09-02 18:18 14,156 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2007-09-02 18:18 12,640 --a------ C:\WINDOWS\system32\drivers\itchfltr.sys
2007-09-02 18:18 <DIR> d-------- C:\Program Files\Logitech
2007-09-02 18:18 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-02 15:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-02 15:49 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-09-02 15:48 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-02 15:46 <DIR> d-------- C:\WINDOWS\EHome
2007-09-02 06:30 <DIR> d-------- C:\downloads
2007-09-02 05:22 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-09-02 05:13 <DIR> d-------- C:\forms
2007-09-01 23:45 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000009-00001102-00000004-20021102}.dat
2007-09-01 23:45 384 --a------ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000009-00001102-00000004-20021102}.dat
2007-09-01 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Napster
2007-09-01 23:38 <DIR> d-------- C:\Program Files\Roxio
2007-09-01 23:38 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-09-01 23:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
2007-09-01 23:34 803,680 --a------ C:\WINDOWS\system32\AXDIST.EXE
2007-09-01 23:34 635,152 --a------ C:\WINDOWS\system32\mapi32x.dll
2007-09-01 23:33 <DIR> d-------- C:\MyFiles
2007-09-01 23:33 <DIR> d-------- C:\Corel
2007-09-01 23:30 <DIR> d-------- C:\Program Files\Brownie
2007-09-01 23:30 <DIR> d-------- C:\Program Files\Brother
2007-09-01 23:28 <DIR> d-------- C:\Program Files\CyberLink
2007-09-01 23:20 60,288 --------- C:\WINDOWS\system32\drivers\drmk.sys
2007-09-01 23:20 145,792 --------- C:\WINDOWS\system32\drivers\portcls.sys
2007-09-01 23:20 10,624 --------- C:\WINDOWS\system32\drivers\gameenum.sys
2007-09-01 23:20 <DIR> d-------- C:\DOCUME~1\Doug\APPLIC~1\Creative
2007-09-01 23:18 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-09-01 23:18 <DIR> d-------- C:\WINDOWS\system32\Win9X
2007-09-01 23:17 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll
2007-09-01 23:17 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-09-01 23:17 331,776 --a------ C:\WINDOWS\system32\CTMEDENG.DLL
2007-09-01 23:17 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2007-09-01 23:17 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL
2007-09-01 22:58 1,745,168 --------- C:\WINDOWS\system32\drivers\e10kx2k.sys
2007-09-01 22:55 24,384 --------- C:\WINDOWS\system32\drivers\nmusb.sys
2007-09-01 22:55 22,423 --------- C:\WINDOWS\system32\drivers\oasisusb.sys
2007-09-01 20:19 90,112 -ra------ C:\WINDOWS\system32\SCCD3X02.DLL
2007-09-01 20:19 131,072 -ra------ C:\WINDOWS\system32\SCCD3X01.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 02:56 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-10 03:38 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-09-09 05:39 --------- d-------- C:\Program Files\Common Files\ATI
2007-09-01 23:22 --------- d-------- C:\Program Files\Creative
2007-09-01 19:43 --------- d-------- C:\DOCUME~1\Doug\APPLIC~1\Help
2007-09-01 19:41 --------- d-------- C:\Program Files\Gemstar
2007-09-01 19:41 --------- d-------- C:\Program Files\Common Files\Borland Shared
2007-09-01 19:40 --------- d-------- C:\Program Files\ATI Multimedia
2007-09-01 19:39 --------- d-------- C:\Program Files\Windows Media Components
2007-09-01 19:38 --------- d-------- C:\Program Files\Common Files\CyberLink
2007-09-01 19:37 --------- d-------- C:\Program Files\ATI Technologies
2007-09-01 19:33 --------- d-------- C:\DOCUME~1\Doug\APPLIC~1\InterTrust
2007-09-01 19:32 --------- d-------- C:\Program Files\ASUS
2007-09-01 19:11 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))


---- Directory of C:\Program Files\Common Files\Update ----

2007-09-16 09:28 389120 --a------ C:\Program Files\Common Files\Update\dnse.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="C:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 16:07]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 11:31]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2003-10-06 02:57 C:\WINDOWS\system32\CTHELPER.EXE]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 15:36]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 19:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"pdfFactory Dispatcher v1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe" [2002-04-05 17:02]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-02-25 20:27]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2003-12-03 07:17]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 16:35]
"ATI Scheduler"="C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE" [2003-12-03 07:13]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-08-09 12:09:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 PCDCODEC;ATI WDM Specialized PCD Codec;C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
R2 PfDetNT;PfDetNT;\??\C:\WINDOWS\System32\drivers\PfModNT.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys
S3 ASUSHWIO;ASUSHWIO;\??\C:\WINDOWS\system32\drivers\ASUSHWIO.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-19 07:43:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-23 07:58:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-23 7:59:47 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-23 07:59
C:\ComboFix2.txt ... 2007-09-21 19:40
C:\ComboFix3.txt ... 2007-09-09 05:50
.
--- E O F ---
And:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:10 AM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\downloads\hijackthis\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pdfFactory Dispatcher v1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.2.1.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6849 bytes

Rebooting with BitDefender.

#14 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 23 September 2007 - 10:01 AM

Hi,

Navigate to and delete the next folders:

C:\Program Files\Common Files\Update
C:\Qoobox

Let me know in your next reply how things are now...
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#15 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 28 September 2007 - 03:57 AM

Let me know in your next reply how things are now...

Still with us?



