Ssttu.dll Problem


6 replies to this topic

#1 itching4ink (Members, 3 posts)

Posted 05 September 2006 - 12:19 PM

My WinPatrol and SpywareGuard keep picking up on a new BHO and startup entry, SSTTU.dll. It's starting to really annoy me now and I need help to remove it, as all my other spyware stuff finds it but doesn't seem to clear it. I also used VundoFix but that doesn't seem to have worked either. Here is my HijackThis report.
Many thanks to whoever can help.

Logfile of HijackThis v1.99.1
Scan saved at 18:10:08, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Tonys\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/swat/support/spf50_reg.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {81025641-DE98-4F76-902A-44F48B3510BE} - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


#2 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 05 September 2006 - 05:36 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 itching4ink (Topic Starter, Members, 3 posts)

Posted 05 September 2006 - 05:49 PM

Hi Sam,
I ran ComboFix and here's the log.
Oh, and my NOD32 keeps picking up threats as well, but it terminates them; some files in my C:\WINDOWS\Temp folder, I think.

Tonys - 06-09-05 23:42:14.96
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Tonys\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-05 to 2006-09-05 ))))))))))))))))))))))))))))))))))


2006-09-05 17:31 692,276 ---hs---- C:\WINDOWS\system32\ssttu.dll
2006-09-05 17:31 505,689 ---hs---- C:\WINDOWS\system32\uttss.bak1
2006-09-02 17:37 135,168 --a------ C:\WINDOWS\system32\12kCUusd.dll
2006-09-02 16:36 4,096 --a------ C:\WINDOWS\system32\ntsystem.exe
2006-09-02 16:06 18,944 --a------ C:\WINDOWS\system32\winbug32.dll
2006-09-02 15:55 4,608 --a------ C:\WINDOWS\system32\ntoskrnl.dll
2006-08-31 21:46 109,056 --a------ C:\WINDOWS\system32\un-gamma.exe
2006-08-30 19:00 76,288 --a------ C:\WINDOWS\system32\ODBCTL32.DLL
2006-08-30 19:00 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2006-08-30 19:00 35,600 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2006-08-30 19:00 302,352 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2006-08-30 19:00 250,640 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2006-08-30 19:00 243,984 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2006-08-30 19:00 23,824 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2006-08-30 19:00 1,015,568 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2006-08-23 18:08 41,476 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2006-08-23 05:16 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-23 04:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2006-08-23 04:33 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-23 04:33 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-08-23 04:27 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-08-23 04:27 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-08-23 04:27 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-08-23 04:27 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-08-23 04:27 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-08-23 04:26 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-23 04:24 1,733,816 --a------ C:\WINDOWS\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe
2006-08-23 04:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-23 04:17 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2006-08-23 04:17 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2006-08-23 04:17 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2006-08-23 04:17 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2006-08-23 04:17 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2006-08-23 03:51 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-05 17:23 -------- d-------- C:\Documents and Settings\Tonys\Application Data\TrojanHunter
2006-09-05 17:09 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-05 09:56 -------- d-------- C:\Documents and Settings\Tonys\Application Data\LimeWire
2006-09-05 09:49 -------- d-------- C:\Program Files\CleanUp!
2006-09-05 09:29 -------- d-------- C:\Program Files\Lavasoft RegHance
2006-09-05 09:28 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Lavasoft
2006-09-05 09:26 -------- d-------- C:\Program Files\Lavasoft
2006-09-04 19:56 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-04 03:50 -------- d-a------ C:\Program Files\Luxor
2006-09-03 22:39 -------- d-------- C:\Program Files\a-squared Free
2006-09-02 21:05 -------- d-------- C:\Program Files\SpywareGuard
2006-09-02 20:53 -------- d-------- C:\Program Files\XoftSpy
2006-09-02 20:04 -------- d-------- C:\Program Files\Yahoo!
2006-09-02 18:22 -------- d-------- C:\Program Files\Temp
2006-09-02 15:55 -------- d-------- C:\Program Files\ESET
2006-09-02 15:47 -------- d-------- C:\Program Files\Alcohol Soft
2006-09-02 15:42 -------- d-------- C:\Program Files\Executive Software
2006-08-31 22:55 -------- d-------- C:\Program Files\CyberTweak
2006-08-31 21:46 -------- d-------- C:\Program Files\Worlds
2006-08-31 14:58 -------- d---s---- C:\Documents and Settings\Tonys\Application Data\Microsoft
2006-08-30 23:27 -------- d-------- C:\Documents and Settings\Tonys\Application Data\AdobeUM
2006-08-30 23:25 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-30 23:25 -------- d-------- C:\Program Files\Common Files
2006-08-30 23:25 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Adobe
2006-08-24 15:07 -------- d-------- C:\Program Files\NetMeeting
2006-08-24 03:05 -------- d-------- C:\Program Files\Messenger
2006-08-24 03:05 -------- d-------- C:\Program Files\Internet Explorer
2006-08-24 03:04 -------- d-------- C:\Program Files\Windows Media Player
2006-08-24 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-08-24 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-08-24 01:48 -------- d-------- C:\Documents and Settings\Tonys\Application Data\CyberLink
2006-08-23 22:17 -------- d-------- C:\Program Files\Winamp
2006-08-23 19:43 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Real
2006-08-23 18:06 -------- d-------- C:\Program Files\XviD
2006-08-23 18:06 -------- d-------- C:\Program Files\Gabest
2006-08-23 11:08 -------- d-------- C:\Program Files\Windows NT
2006-08-23 11:07 -------- d-------- C:\Program Files\QuickTime
2006-08-23 11:07 -------- d-------- C:\Program Files\Online Services
2006-08-23 11:07 -------- d-------- C:\Program Files\Movie Maker
2006-08-23 11:07 -------- d-------- C:\Program Files\Microsoft Works
2006-08-23 11:05 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-08-23 11:05 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-23 11:05 -------- d-------- C:\Program Files\Common Files\Services
2006-08-23 11:04 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-23 11:04 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-23 11:04 -------- d-------- C:\Program Files\xerox
2006-08-23 11:04 -------- d-------- C:\Program Files\Sonic
2006-08-23 11:04 -------- d-------- C:\Program Files\Real
2006-08-23 11:04 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-23 11:04 -------- d-------- C:\Program Files\MSN
2006-08-23 11:04 -------- d-------- C:\Program Files\Learn2.com
2006-08-23 11:04 -------- d-------- C:\Program Files\CyberLink
2006-08-23 11:04 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\Real
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\Java
2006-08-23 11:04 -------- d-------- C:\Program Files\Adobe
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\You've Got Pictures Screensaver
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Symantec
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Sun
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Identities
2006-08-23 08:23 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Sonic
2006-08-23 06:14 -------- d-------- C:\Program Files\Shareaza
2006-08-23 06:14 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Shareaza
2006-08-23 06:06 -------- d-------- C:\Program Files\LimeWire
2006-08-23 06:06 -------- d-------- C:\Program Files\Java
2006-08-23 05:20 -------- d-------- C:\Program Files\TechSmith
2006-08-23 04:50 -------- d-------- C:\Program Files\BillP Studios
2006-08-23 04:46 -------- d-------- C:\Program Files\CCleaner
2006-08-23 04:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-23 04:42 -------- d-------- C:\Program Files\Google
2006-08-23 04:42 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Google
2006-08-23 04:41 -------- d-------- C:\Program Files\dvdSanta
2006-08-23 04:40 502208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-08-23 04:37 -------- d-------- C:\Program Files\WinRAR
2006-08-23 04:35 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Leadertech
2006-08-23 04:33 -------- d-------- C:\Program Files\DivX
2006-08-23 04:32 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-23 04:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-23 04:26 -------- d-------- C:\Program Files\Symantec
2006-08-23 04:19 -------- d-------- C:\Program Files\MSN Messenger
2006-08-23 04:19 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-23 04:16 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-08-23 04:15 -------- d-------- C:\Program Files\Microsoft IntelliPoint 5.2
2006-08-23 04:12 -------- d-------- C:\Program Files\MRU-Blaster
2006-08-23 04:06 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-23 04:06 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-23 04:05 -------- d-------- C:\Program Files\Microsoft Office
2006-08-23 04:05 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-23 04:05 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Microsoft Web Folders
2006-08-23 04:04 -------- d-------- C:\Program Files\DVD Shrink
2006-08-23 04:03 -------- d-------- C:\Program Files\Common Files\Jasc Software Inc
2006-08-23 04:02 -------- d-------- C:\Program Files\Jasc Software Inc
2006-08-23 04:02 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-23 04:02 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Jasc Software Inc
2006-08-23 04:01 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Macromedia
2006-08-23 03:51 -------- d-------- C:\Program Files\Sygate
2006-08-23 03:51 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-04 16:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 16:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 03:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-03 22:40 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 22:40 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 22:40 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-21 11:49 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-06-21 11:43 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-21 11:42 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-21 11:42 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-06-21 11:34 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-06-21 11:34 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-21 11:34 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-21 11:34 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-21 11:34 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-21 11:33 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-21 11:33 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"gwiz"="C:\\WINDOWS\\system32\\ntsystem.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HDReg.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-09-05 23:43:53.56
ComboFix.txt
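The log above shows the three pieces of evidence that point at Vundo here: a DLL in system32 created with hidden+system attributes, a companion file whose name is that DLL's name reversed (ssttu.dll and uttss.bak1), and a Winlogon\Notify subkey of the same name, which is what the /v switch in the next reply is aimed at. The following Python triage script is an added example, not part of the thread and not ComboFix or HijackThis code; the sample log lines are copied from the log above, and the Winlogon Notify allowlist is an assumption for a stock Windows XP SP2 install.

```python
"""Triage a ComboFix-style log for the Vundo file/registry pattern seen in this thread.

Added example, not ComboFix/HijackThis code. It flags:
  * files under system32 created with hidden+system attributes ("---hs----"),
  * a companion file whose base name is a flagged DLL's name reversed (ssttu -> uttss),
  * Winlogon\\Notify subkeys that are not in a small assumed allowlist.
Plain-attribute entries are left for manual review; the script does not call them clean.
"""
import re

# One "Files Created" entry as ComboFix prints it: date time size attrs path
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
# A Winlogon\Notify subkey printed under "Reg Loading Points"
NOTIFY_RE = re.compile(r"winlogon\\notify\\(?P<name>[^\\\s]+)\s*$", re.IGNORECASE)

# Assumed allowlist of Notify packages on a stock Windows XP SP2 box; extend it for your build.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

# Constructed sample: lines copied from the ComboFix log in this thread
SAMPLE_LOG = r"""
2006-09-05 17:31 692,276 ---hs---- C:\WINDOWS\system32\ssttu.dll
2006-09-05 17:31 505,689 ---hs---- C:\WINDOWS\system32\uttss.bak1
2006-09-02 16:36 4,096 --a------ C:\WINDOWS\system32\ntsystem.exe
2006-08-23 04:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2006-09-05 17:23 -------- d-------- C:\Program Files\TrojanHunter 4.6

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssttu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
"""


def parse_files(lines):
    """Return (attrs, path) for every line that looks like a ComboFix file entry."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if m:
            entries.append((m.group("attrs"), m.group("path")))
    return entries


def base_name(path):
    """'C:\\WINDOWS\\system32\\uttss.bak1' -> 'uttss' (lower-cased, extension dropped)."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage(log_text):
    """Return a list of findings (dicts with a 'kind' key) for one ComboFix log."""
    lines = log_text.splitlines()
    files = parse_files(lines)
    by_base = {}
    for _, path in files:
        by_base.setdefault(base_name(path), []).append(path)

    findings = []
    for attrs, path in files:
        # Only files (no 'd') under system32 with both hidden and system set
        if "d" in attrs or "\\system32\\" not in path.lower():
            continue
        if "h" in attrs and "s" in attrs:
            findings.append({"kind": "hidden_system_file", "path": path})
            if path.lower().endswith(".dll"):
                # Vundo's companion files carry the DLL name spelled backwards
                mirror = base_name(path)[::-1]
                for companion in by_base.get(mirror, []):
                    findings.append({"kind": "reversed_companion",
                                     "path": path, "companion": companion})

    for line in lines:
        m = NOTIFY_RE.search(line)
        if m and m.group("name").lower() not in KNOWN_NOTIFY:
            findings.append({"kind": "unknown_winlogon_notify", "name": m.group("name")})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

Running the script as-is prints the ssttu.dll / uttss.bak1 pair and the unknown ssttu Notify subkey, and nothing for the plain-attribute files.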

#4 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 06 September 2006 - 02:18 PM

Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\combofix.exe" /v ssttu winbug32

When it's done running it will produce a log for you. Please post that log in your next reply.

#5 itching4ink (Topic Starter, Members, 3 posts)

Posted 06 September 2006 - 02:25 PM

Here's that other log for ya, Sam.

Tonys - 06-09-06 20:19:17.11
ComboFix 06.09.04BT - Running from: C:\Documents and Settings\Tonys\desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\winbug32.dll
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))


2006-09-02 17:37 135,168 --a------ C:\WINDOWS\system32\12kCUusd.dll
2006-09-02 16:36 4,096 --a------ C:\WINDOWS\system32\ntsystem.exe
2006-09-02 15:55 4,608 --a------ C:\WINDOWS\system32\ntoskrnl.dll
2006-08-31 21:46 109,056 --a------ C:\WINDOWS\system32\un-gamma.exe
2006-08-30 19:00 76,288 --a------ C:\WINDOWS\system32\ODBCTL32.DLL
2006-08-30 19:00 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2006-08-30 19:00 35,600 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2006-08-30 19:00 302,352 --a------ C:\WINDOWS\system32\MSWNG300.DLL
2006-08-30 19:00 250,640 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2006-08-30 19:00 243,984 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2006-08-30 19:00 23,824 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2006-08-30 19:00 1,015,568 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2006-08-23 18:08 41,476 --a------ C:\WINDOWS\system32\OggDSuninst.exe
2006-08-23 05:16 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-23 04:41 270,336 --a------ C:\WINDOWS\system32\imon.dll
2006-08-23 04:33 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-23 04:33 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-08-23 04:27 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-08-23 04:27 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-08-23 04:27 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-08-23 04:27 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-08-23 04:27 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-08-23 04:26 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-08-23 04:24 1,733,816 --a------ C:\WINDOWS\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe
2006-08-23 04:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-23 04:17 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2006-08-23 04:17 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2006-08-23 04:17 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2006-08-23 04:17 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2006-08-23 04:17 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2006-08-23 03:51 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-05 17:23 -------- d-------- C:\Documents and Settings\Tonys\Application Data\TrojanHunter
2006-09-05 17:09 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-09-05 09:56 -------- d-------- C:\Documents and Settings\Tonys\Application Data\LimeWire
2006-09-05 09:49 -------- d-------- C:\Program Files\CleanUp!
2006-09-05 09:29 -------- d-------- C:\Program Files\Lavasoft RegHance
2006-09-05 09:28 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Lavasoft
2006-09-05 09:26 -------- d-------- C:\Program Files\Lavasoft
2006-09-04 19:56 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-04 03:50 -------- d-a------ C:\Program Files\Luxor
2006-09-03 22:39 -------- d-------- C:\Program Files\a-squared Free
2006-09-02 21:05 -------- d-------- C:\Program Files\SpywareGuard
2006-09-02 20:53 -------- d-------- C:\Program Files\XoftSpy
2006-09-02 20:04 -------- d-------- C:\Program Files\Yahoo!
2006-09-02 18:22 -------- d-------- C:\Program Files\Temp
2006-09-02 15:55 -------- d-------- C:\Program Files\ESET
2006-09-02 15:47 -------- d-------- C:\Program Files\Alcohol Soft
2006-09-02 15:42 -------- d-------- C:\Program Files\Executive Software
2006-08-31 22:55 -------- d-------- C:\Program Files\CyberTweak
2006-08-31 21:46 -------- d-------- C:\Program Files\Worlds
2006-08-31 14:58 -------- d---s---- C:\Documents and Settings\Tonys\Application Data\Microsoft
2006-08-30 23:27 -------- d-------- C:\Documents and Settings\Tonys\Application Data\AdobeUM
2006-08-30 23:25 -------- d-------- C:\Program Files\Common Files\Adobe
2006-08-30 23:25 -------- d-------- C:\Program Files\Common Files
2006-08-30 23:25 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Adobe
2006-08-24 15:07 -------- d-------- C:\Program Files\NetMeeting
2006-08-24 03:05 -------- d-------- C:\Program Files\Messenger
2006-08-24 03:05 -------- d-------- C:\Program Files\Internet Explorer
2006-08-24 03:04 -------- d-------- C:\Program Files\Windows Media Player
2006-08-24 03:01 -------- d-------- C:\Program Files\Outlook Express
2006-08-24 03:01 -------- d-------- C:\Program Files\Common Files\System
2006-08-24 01:48 -------- d-------- C:\Documents and Settings\Tonys\Application Data\CyberLink
2006-08-23 22:17 -------- d-------- C:\Program Files\Winamp
2006-08-23 19:43 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Real
2006-08-23 18:06 -------- d-------- C:\Program Files\XviD
2006-08-23 18:06 -------- d-------- C:\Program Files\Gabest
2006-08-23 11:08 -------- d-------- C:\Program Files\Windows NT
2006-08-23 11:07 -------- d-------- C:\Program Files\QuickTime
2006-08-23 11:07 -------- d-------- C:\Program Files\Online Services
2006-08-23 11:07 -------- d-------- C:\Program Files\Movie Maker
2006-08-23 11:07 -------- d-------- C:\Program Files\Microsoft Works
2006-08-23 11:05 -------- d-------- C:\Program Files\Common Files\SureThing Shared
2006-08-23 11:05 -------- d-------- C:\Program Files\Common Files\Sonic Shared
2006-08-23 11:05 -------- d-------- C:\Program Files\Common Files\Services
2006-08-23 11:04 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-23 11:04 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-23 11:04 -------- d-------- C:\Program Files\xerox
2006-08-23 11:04 -------- d-------- C:\Program Files\Sonic
2006-08-23 11:04 -------- d-------- C:\Program Files\Real
2006-08-23 11:04 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-23 11:04 -------- d-------- C:\Program Files\MSN
2006-08-23 11:04 -------- d-------- C:\Program Files\Learn2.com
2006-08-23 11:04 -------- d-------- C:\Program Files\CyberLink
2006-08-23 11:04 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\Real
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-23 11:04 -------- d-------- C:\Program Files\Common Files\Java
2006-08-23 11:04 -------- d-------- C:\Program Files\Adobe
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\You've Got Pictures Screensaver
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Symantec
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Sun
2006-08-23 11:04 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Identities
2006-08-23 08:23 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Sonic
2006-08-23 06:14 -------- d-------- C:\Program Files\Shareaza
2006-08-23 06:14 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Shareaza
2006-08-23 06:06 -------- d-------- C:\Program Files\LimeWire
2006-08-23 06:06 -------- d-------- C:\Program Files\Java
2006-08-23 05:20 -------- d-------- C:\Program Files\TechSmith
2006-08-23 04:50 -------- d-------- C:\Program Files\BillP Studios
2006-08-23 04:46 -------- d-------- C:\Program Files\CCleaner
2006-08-23 04:42 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-23 04:42 -------- d-------- C:\Program Files\Google
2006-08-23 04:42 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Google
2006-08-23 04:41 -------- d-------- C:\Program Files\dvdSanta
2006-08-23 04:40 502208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-08-23 04:37 -------- d-------- C:\Program Files\WinRAR
2006-08-23 04:35 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Leadertech
2006-08-23 04:33 -------- d-------- C:\Program Files\DivX
2006-08-23 04:32 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-23 04:28 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-23 04:26 -------- d-------- C:\Program Files\Symantec
2006-08-23 04:19 -------- d-------- C:\Program Files\MSN Messenger
2006-08-23 04:19 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-23 04:16 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-08-23 04:15 -------- d-------- C:\Program Files\Microsoft IntelliPoint 5.2
2006-08-23 04:12 -------- d-------- C:\Program Files\MRU-Blaster
2006-08-23 04:06 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-23 04:06 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-23 04:05 -------- d-------- C:\Program Files\Microsoft Office
2006-08-23 04:05 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-23 04:05 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Microsoft Web Folders
2006-08-23 04:04 -------- d-------- C:\Program Files\DVD Shrink
2006-08-23 04:03 -------- d-------- C:\Program Files\Common Files\Jasc Software Inc
2006-08-23 04:02 -------- d-------- C:\Program Files\Jasc Software Inc
2006-08-23 04:02 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-23 04:02 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Jasc Software Inc
2006-08-23 04:01 -------- d-------- C:\Documents and Settings\Tonys\Application Data\Macromedia
2006-08-23 03:51 -------- d-------- C:\Program Files\Sygate
2006-08-23 03:51 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-04 16:37 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-04 16:37 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 03:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-03 22:40 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-03 22:40 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-03 22:40 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-21 11:49 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-06-21 11:43 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-21 11:42 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-21 11:42 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-06-21 11:34 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-06-21 11:34 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-21 11:34 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-21 11:34 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-21 11:34 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-21 11:33 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-21 11:33 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"PCMService"="\"c:\\Apps\\Powercinema\\PCMService.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Executive Software\\Diskeeper\\DkIcon.exe\""
"gwiz"="C:\\WINDOWS\\system32\\ntsystem.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"HDReg"="c:\\Apps\\HDReg\\HDRegApp.exe -r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HDReg.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-09-06 20:21:15.86
ComboFix.txt
ComboFix2.txt

#6 Buckeye_Sam (Malware Expert, 17,382 posts, Pickerington, Ohio)
Posted 06 September 2006 - 08:07 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe

Download KillBox and unzip it to your desktop.

Open KillBox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete":

C:\WINDOWS\system32\ntsystem.exe

Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot; press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.

Your computer will reboot.

Please post a new HijackThis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
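
As an added example, not code from this thread or from HijackThis or KillBox, the script below carries out the two steps Buckeye_Sam prescribes programmatically: read the `[gwiz]` entry out of the ComboFix Run-key dump to get the image path, remove the Run value, and delete the file, falling back to Windows' delete-on-reboot mechanism (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which is what a "Delete on reboot" option does) when the file is locked. It adds the step an incident responder would want first: a quarantined copy and SHA-256 of the file before anything destroys it. The Run-key excerpt is copied from the log above; the quarantine folder `C:\quarantine`, running as Administrator, and treating `PermissionError` as "file is in use" are my assumptions. The registry and MoveFileEx calls only work on Windows; the parsing and quarantine helpers run anywhere.

```python
"""Added example: replicate 'fix the O4 line, then delete the file on reboot'.

Not part of the BleepingComputer thread or of any tool named in it.
"""
import ctypes
import hashlib
import os
import re
import shutil
import sys

# Excerpt copied from the ComboFix "Reg Loading Points" section above
# (only the entries needed for the demonstration).
RUN_KEY_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"gwiz"="C:\\WINDOWS\\system32\\ntsystem.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
'''

# One "name"="data" line in .reg syntax; backslash escapes \ and " inside both.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_entries(dump):
    """Return {value_name: command_line} for every value line in the dump."""
    entries = {}
    for line in dump.splitlines():
        m = _VALUE_RE.match(line.strip())
        if m:
            entries[_unescape(m.group(1))] = _unescape(m.group(2))
    return entries


def executable_path(command_line):
    """Split the image path off an autorun command line.

    A quoted path ends at the closing quote; an unquoted one ends at the
    first space (an unquoted path containing spaces is ambiguous, which is
    why well-behaved installers quote theirs).
    """
    cl = command_line.strip()
    if cl.startswith('"'):
        end = cl.find('"', 1)
        return cl[1:end] if end > 0 else cl[1:]
    return cl.split(' ', 1)[0]


def preserve_sample(path, quarantine_dir):
    """Copy the file to quarantine under its SHA-256 and return the hash.

    Do this before deleting: the hash is what you look up later, and the
    copy is what you analyse. '.bin' keeps it from being run by name.
    """
    with open(path, 'rb') as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    os.makedirs(quarantine_dir, exist_ok=True)
    shutil.copy2(path, os.path.join(quarantine_dir, digest + '.bin'))
    return digest


MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # winbase.h


def delete_now_or_at_reboot(path):
    """Delete immediately; if Windows has the file locked, register it for
    deletion at next boot.  MoveFileEx(path, NULL, DELAY_UNTIL_REBOOT) writes
    the request into PendingFileRenameOperations, which is what KillBox's
    'Delete on reboot' option does; it needs Administrator rights."""
    try:
        os.remove(path)
        return 'deleted'
    except PermissionError:           # assumption: locked or running image
        if sys.platform != 'win32':
            raise
        ok = ctypes.windll.kernel32.MoveFileExW(path, None, MOVEFILE_DELAY_UNTIL_REBOOT)
        if not ok:
            raise ctypes.WinError()
        return 'scheduled'


def remove_run_value(name):
    """Delete the HKLM Run value (the O4 line HijackThis 'fixes'). Windows only."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                        0, winreg.KEY_SET_VALUE) as key:
        winreg.DeleteValue(key, name)


if __name__ == '__main__':
    entries = parse_run_entries(RUN_KEY_DUMP)
    target = executable_path(entries['gwiz'])
    print('gwiz launches', target)
    if sys.platform == 'win32' and os.path.exists(target):   # assumes admin rights
        print('sha256', preserve_sample(target, r'C:\quarantine'))
        remove_run_value('gwiz')
        print(delete_now_or_at_reboot(target))
```

If the script reports `scheduled`, the request is visible before the reboot as the `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager`. Removing the Run value and the file is only the visible half of the job: the fresh HijackThis log the expert asks for afterwards is how you check that nothing else on the machine puts the entry back.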


========================================================

#7 Buckeye_Sam (Malware Expert, 17,382 posts, Pickerington, Ohio)
Posted 22 September 2006 - 08:04 AM

Unfortunately there has been no response, and this thread will now be closed. :thumbsup:

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
