comwizz

Infected With Adware Purity Scan Malware... Please Help


Hi everyone,

I was infected with Adware Purity Scan and lots of other malware yesterday when I downloaded Ares Galaxy P2P plus edition from some site.

I scanned with Ad-Aware SE Personal and got rid of all the infected files.

Please tell me if I still have some infections.

Thanks a lot

Here's my HijackThis log file contents:

 

Logfile of HijackThis v1.99.1

Scan saved at 5:51:43 PM, on 5/20/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Huawei\MT882\dslagent.exe

E:\WINDOWS\System32\S3tray2.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

G:\QuickTime\qttask.exe

E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

E:\Program Files\Messenger\msmsgs.exe

E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe

E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\LimeWire\LimeWire.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

E:\WINDOWS\System32\wuauclt.exe

E:\Program Files\Internet Explorer\IEXPLORE.EXE

E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

E:\Documents and Settings\smit.SHRENIK\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)

O2 - BHO: (no name) - {19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC} - E:\WINDOWS\System32\rgzjset.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DSLAGENTEXE] E:\Program Files\Huawei\MT882\dslagent.exe

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "G:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb

O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Google Updater.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\System32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{482E0750-E281-4654-A3EE-E83B7CF6A1A0}: NameServer = 61.1.96.69,61.1.96.71

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\swdsvc.exe

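The HijackThis log above is read by eye in this thread. The following Python script is an added example, not part of the thread or of HijackThis itself, that mechanises the first-pass triage a helper performs on such a log: it flags O2/O3 BHO and toolbar registrations whose file is missing or unnamed (orphaned registrations typically left behind by removed adware), O4 Run entries whose executable lives inside a user profile or is written with an 8.3 short name (both visible in the [Aate] cmd.exe entry above), and O17 NameServer lines, which should always be compared against the ISP's real DNS servers. The rule names, the SAMPLE_LINES list (modelled on the log above) and the heuristics themselves are the example's own assumptions; a hit is a prompt for review, not a verdict.

```python
import re
from typing import Iterable

# Constructed sample lines in HijackThis v1.99 format, modelled on the log above.
SAMPLE_LINES = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)",
    r'O4 - HKLM\..\Run: [QuickTime Task] "G:\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb',
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{482E0750-E281-4654-A3EE-E83B7CF6A1A0}: NameServer = 61.1.96.69,61.1.96.71",
    r"O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe",
]

# Path fragments that mean "inside a user profile" (long and 8.3 spellings).
# Heuristic chosen for this example: legitimate autoruns rarely live there.
PROFILE_MARKERS = ("documents and settings", "docume~1", "application data",
                   "applic~1", "my documents", "mydocu~1")
SHORT_NAME = re.compile(r"~\d+")      # 8.3 short-name component such as STEM~1
# O4 registry Run entries look like: O4 - HKCU\..\Run: [Name] "path" args
# (O4 Startup-folder entries have no [Name] part and are skipped here.)
RUN_ENTRY = re.compile(r"^O4 - .*?\[[^\]]*\]\s*(?P<cmd>.*)$")


def run_target(cmd: str) -> str:
    """Return the executable path from an O4 command string (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(lines: Iterable[str]) -> list:
    """Return one finding dict per (rule, line) hit; rule names are this example's own."""
    findings = []
    for line in lines:
        section = line.split(" ", 1)[0]
        if section in ("O2", "O3") and ("(no name)" in line or "(file missing)" in line):
            # Registered BHO/toolbar with no name or no file on disk: an orphan.
            findings.append({"rule": "bho-orphan", "line": line})
        elif section == "O4":
            m = RUN_ENTRY.match(line)
            if not m:
                continue
            path = run_target(m.group("cmd"))
            if any(marker in path.lower() for marker in PROFILE_MARKERS):
                findings.append({"rule": "run-user-profile", "line": line})
            if SHORT_NAME.search(path):
                findings.append({"rule": "run-short-name", "line": line})
        elif section == "O17":
            # DNS servers set in the registry: always confirm they are the ISP's.
            findings.append({"rule": "dns-review", "line": line})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"[{finding['rule']}] {finding['line']}")
```

Running it on the sample prints one line for the orphaned BHO, two for the [Aate] entry (profile path and short name) and one for the O17 line; the Adobe BHO, QuickTime and the Google service produce nothing. A full log is triaged the same way by passing its lines to `triage`.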

1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Thanks a lot for your help. Well, I did as you instructed and downloaded the combofix.exe application and ran it. But it gets stuck on scanning infected files. I waited for about 20 minutes and closed the application after that and tried again. But it isn't going further. Should I try again and wait for more time?


Let's try something different.

 

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the setup program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  3. Run AVG Anti-Spyware.
  4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  5. After the update finishes (the status bar at the bottom will display "Update successful").
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports":
  8. Select "Automatically generate report after every scan".
  9. Un-select "Only if threats were found".

Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  3. AVG Anti-Spyware 7.5 will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted; then select "Apply all actions".
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* After that, post a new hijackthis log here with the report of AVG antispyware.


 

 

I am definitely going to download the programs you recommend here and use them but before I do .. I need to ask. I have Norton and Ad-Aware and I thought they were about the best for virus and spyware. But more and more I keep getting bombarded with all these other programs .. like even the ones you suggest here. And specifically when Norton technical people had to help me recently with a problem installing AntiVirus 07 .. they said I had a really deep bug in my computer .. what is that name for a root something .. (well I ran all of these root programs and could not find what they meant!) but anyway his final point was that my system was being compromised because I had too many makers of spy and virus programs. I also have SpyBot. So my question to you because of all my Microsoft software and my MSN mail program .. is there a Microsoft spyware program that is good that works with Ad-Aware? Because you know that problem where I think Norton tries to say that Ad-Aware or something is conflicting with it. Oh yea it says that WinPatrol is .. and I like WinPatrol. It is one of the few that is easy for me to read and check to see what new startup programs are running.

 

Anyway it would help to know what to do about my Ad-Aware SE Plus .. and to have my HijackThis log looked at .. and to know what spyware program is good that Microsoft Windows makes. Like is that Live OneCare any good?


There's no need to install OneCare now, we'll help kill the bug in the system, so start performing my instructions. :(


I will ... just want to know your opinion as to why to install other adware programs .. aren't there any that are totally comprehensive ..

 

don't get me wrong .. I am not being judgemental .. I just felt to heed that Norton tech who I was on the phone with for almost a week straight (he in India of course and very very polite and I was blessed to get him ... it does make me mad that he might have only been making probably nothing ..) but anyway, he mentioned not having so many manufacturers of virus and spyware programs and I notice here there are always links to others .. so I am just curious .. do they compete and not all have the same information? And finally, is Ad-Aware Plus discontinued? Or stopping its virus definition downloads? That I really need to know because there is no explanation for why it continues to say there is no update.

 

Thank you so much .. this will be the first time I have actually gotten a reply to help me out. Calamity Jane was great last time but I had a 1000 ADS and we could not figure out whether they were malware. They were just all of the favicons .. that come up under ADS scans .. and when I remove them .. I have no icons whatsoever for anything that is on the web .. it is sort of ugly .. but I go ahead and remove them at times after running .. what? well of course another different program. ADSSpy ... because Ad Aware Plus goes into freeze upon finding so many ADS.

 

I guess it is alright. But I wonder if Ad Aware Professional would do that. Your opinion about what AdAware program and I need to get now would be much appreciated. Since my Internet Explorer closes down pretty easy .. but I think that is a security thing some where in spybot or winpatrol or norton or maybe it is windows fire thing .. but I think Norton disables that. oh gosh it is too much at times .. so did you mean for me to follow what the people have done above .. I will try to download those if you want .. and I will be back in a few hours .. thank you very much

 

sorry I am too wordy

 

okay I downloaded all 3 of those programs .. comfix .. and the other two .. I will run them .. I will go off line and run them and come back later ..

 

thank you very much!

Edited by brianeclus


No problem, the more info we get, the more we can help. :rolleyes:

 

 

That I really need to know because there is no explanation for why it continues to say there is no update.

Maybe Ad-aware is up-to-date? :(

 

but I think that is a security thing some where in spybot or winpatrol or norton or maybe it is windows fire thing .. but I think Norton disables that. oh gosh it is too much at times ..

So many antispyware and antivirus programs installed on one machine is in fact not that good, but as long as you have 1 antivirus in real-time protection you'll be fine; running more antivirus programs in real-time mode is not good, because they will conflict with each other and that will lead to false positives and slowness of your system.

 

Antispyware programs in real-time protection are good, but not as necessary as in the antivirus case; the same thing applies here again: if you have real-time protection, make sure only 1 program provides it, otherwise you'll have the same complications.

 

To make your life easier, uninstall WinPatrol and Spyware Doctor and keep Spybot and Ad-Aware, and use Norton as your only antivirus installed.

So there's no need to install OneCare; 'overprotection' is not good either...


Thanks a lot for your time and cooperation. I did as instructed and downloaded the latest Ad-Aware version, and AVG Anti-Spyware was already on the system, and did the scans. Here are the reports:

 

 

AVG:

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 23:23 2007-05-21

 

+ Scan result:

 

 

 

D:\Documents and Settings\Smit\Desktop\backups\backup-20060616-091544-740.dll -> Adware.IESearch : No action taken.

F:\Desktop\backups\backup-20060616-091544-740.dll -> Adware.IESearch : No action taken.

E:\Documents and Settings\smit.SHRENIK\Application Data\Fоnts\wіnlogon.exe -> Adware.PurityScan : No action taken.

E:\Program Files\Outerinfo\OiUninstaller.exe -> Adware.PurityScan : No action taken.

E:\System Volume Information\_restore{82A48A10-9C51-4D4E-8B4D-B1D8E38BA72C}\RP18\A0033890.exe -> Adware.PurityScan : No action taken.

E:\WINDOWS\system32\jrle.dll -> Adware.PurityScan : No action taken.

E:\System Volume Information\_restore{82A48A10-9C51-4D4E-8B4D-B1D8E38BA72C}\RP18\A0033943.exe -> Downloader.Agent.bls : No action taken.

E:\QooBox\Quarantine\E\WINDOWS\system32\wintsvtr.exe.vir -> Trojan.Small : No action taken.

E:\System Volume Information\_restore{82A48A10-9C51-4D4E-8B4D-B1D8E38BA72C}\RP21\A0034111.exe -> Trojan.Small : No action taken.

E:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : No action taken.

 

 

::Report end

 

I quarantined all of the above infections after saving the report.

 

HijackThis:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:44, on 2007-05-21

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Huawei\MT882\dslagent.exe

E:\WINDOWS\System32\S3tray2.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

G:\QuickTime\qttask.exe

E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

E:\Program Files\Messenger\msmsgs.exe

E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe

E:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\LimeWire\LimeWire.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\PROGRA~1\MOZILL~1\FIREFOX.EXE

E:\WINDOWS\System32\wuauclt.exe

E:\Documents and Settings\smit.SHRENIK\Desktop\hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)

O2 - BHO: (no name) - {19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC} - E:\WINDOWS\System32\rgzjset.dll (file missing)

O2 - BHO: (no name) - {49C1AD35-6980-1B57-A33D-6FE33AEEA9CC} - E:\WINDOWS\System32\jrle.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DSLAGENTEXE] E:\Program Files\Huawei\MT882\dslagent.exe

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [QuickTime Task] "G:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Google Updater.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\System32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{482E0750-E281-4654-A3EE-E83B7CF6A1A0}: NameServer = 61.1.96.69,61.1.96.71

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - E:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - E:\Program Files\Spyware Doctor\swdsvc.exe

Edited by comwizz

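One detail in the AVG report above is easy to miss: the path Application Data\Fоnts\wіnlogon.exe is spelled with Cyrillic look-alike letters, so it is neither the real Fonts folder nor the real winlogon.exe, and the 8.3 names the later ComboFix log lists under "Purity Folders" (FNTS~1, STEM~1, ASKS~1) are consistent with folder names that contain such characters. The following Python script is an added example, not from the thread and not part of AVG: it parses report lines of this format, flags every entry still marked "No action taken" (the point the helper raises next), and reports any non-ASCII character in a path together with its Unicode name, so a look-alike spelling stands out instead of hiding in plain sight. SAMPLE_REPORT is constructed for the example and the rule names are its own.

```python
import unicodedata

# Constructed sample lines in the AVG Anti-Spyware report format seen above.
# The third line deliberately spells "Fonts" and "winlogon" with Cyrillic
# look-alike letters (U+043E and U+0456), as the report in the thread does.
SAMPLE_REPORT = [
    r"E:\WINDOWS\system32\jrle.dll -> Adware.PurityScan : No action taken.",
    r"E:\WINDOWS\system32\wintsvtr.exe -> Trojan.Small : Quarantined.",
    "E:\\Documents and Settings\\smit\\Application Data\\F\u043ents\\w\u0456nlogon.exe"
    " -> Adware.PurityScan : No action taken.",
]


def parse_report_line(line: str):
    """Split 'path -> detection : action' into its three fields; None for other lines."""
    if " -> " not in line or " : " not in line:
        return None
    path, rest = line.split(" -> ", 1)
    detection, action = rest.rsplit(" : ", 1)
    return path.strip(), detection.strip(), action.strip()


def lookalike_chars(path: str) -> list:
    """List (offset, char, Unicode name) for every non-ASCII character in a path."""
    return [(i, ch, unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(path) if ord(ch) > 127]


def review(lines) -> list:
    """Return findings: entries not yet acted on, and paths with non-ASCII characters."""
    findings = []
    for line in lines:
        parsed = parse_report_line(line)
        if parsed is None:
            continue
        path, detection, action = parsed
        if action.lower().startswith("no action"):
            findings.append({"rule": "no-action", "path": path, "detection": detection})
        odd = lookalike_chars(path)
        if odd:
            findings.append({"rule": "non-ascii-path", "path": path, "chars": odd})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_REPORT):
        if f["rule"] == "no-action":
            print(f"[no-action]      {f['detection']}: {f['path']}")
        else:
            for offset, ch, name in f["chars"]:
                print(f"[non-ascii-path] offset {offset}: {ch!r} is {name} in {f['path']}")
```

On the sample this reports two entries with no action taken and, for the third path, two characters named CYRILLIC SMALL LETTER O and CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I. The same check is worth running over any path list (HijackThis, ComboFix, scan reports) on a machine where Purity Scan has been found, since a file whose name merely looks like a system file will never match a real one by name.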
The AVG logs show 'No action taken', are you sure you've deleted everything?

Yeah, I have quarantined all the infections after saving the report, so at the time of the report "No action taken" is shown. I have not deleted the infected files, only quarantined them; I thought I'd ask you before deleting them.

Indeed, I mean quarantined. :D

 

Ok, can you retry to run combofix now?

I tried it again but it is taking well over 15-20 minutes ... I don't know where it gets stalled as there's no way you know whether the program's working fine or not. :)

This time the program did show some output while scanning for infected files but then got stuck:

E:\Program Files\outerinfo\outerinfo.ico

E:\Program Files\Terms.rtf

E:\Program Files\outerinfo


* Please remove these entries from Add/Remove Programs in the Control Panel (if present):

To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.

 

 

Oin

Yazzle by Oin

YazzleActiveX By OIN

Purityscan by Oin

MediaTickets by OIN

Snowballwars by Oin

Cowabanga by OIN

or anything similar with Oin in it.

 

Reboot when done! Really important!

 

After that, try again to run combofix.


Removed an Outerinfo program and then rebooted the PC, but the combofix app still isn't running correctly.


Sorry for the delay in my reply. I tried installing Win XP SP1 but I have SP2, so how can I downgrade to SP1? Also I ran the combofix application again but the application still gets stuck after the following output:

 

"E:\Program Files\outerinfo\OiUninstaller.exe"

"E:\Program Files\outerinfo\outerinfo.ico"

"E:\Program Files\outerinfo\Terms.rtf"

"E:\WINDOWS\system32\wintsvtr.exe"

"E:\Program Files\outerinfo"

 

Also, the Outerinfo program keeps on coming back each time I boot the computer. My AVG Anti-Spyware shield free version expired a day ago, so it would be great if you can suggest some freeware antivirus program with a resident shield.

The Background Intelligent Transfer Service for Windows Update does not start and gives error 126: Module not found. Also the display resolution cannot be changed to anything other than 800x600.

Thanks

Edited by comwizz


I ran SpyNoMore antispyware and it showed 6 other infections apart from the Outerinfo Adware Server. All of them were Trojan Vundos. What should I do? Please help, as SpyNoMore is not free.


I downloaded combofix.exe from the techsupport web site and it worked.

So, here I am posting the logs of ComboFix and HijackThis:

 

"smit" - 2007-05-25 20:04:43 Service Pack 2

ComboFix 07-05.25.3V - Running from: "E:\Documents and Settings\smit.SHRENIK\Desktop\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

 

Purity Folders:

 

E:\WINDOWS\system32\ECURIT~1

E:\Program Files\SSTEM~1

E:\Program Files\YMBOLS~1

E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\FNTS~1

E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1

E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1

E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\ICROSO~1.NET

 

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))

 

 

2007-05-25 19:41 1,152 --a------ E:\WINDOWS\system32\windrv.sys

2007-05-25 19:41 <DIR> d-------- E:\Program Files\SpyNoMore

2007-05-25 18:47 1,156 --a------ E:\WINDOWS\mozver.dat

2007-05-25 18:43 <DIR> d-------- E:\WINDOWS\system32\SoftwareDistribution

2007-05-25 10:11 60,928 --a------ E:\WINDOWS\system32\pniucqre.dll

2007-05-23 14:13 3,968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-23 14:11 <DIR> d-------- E:\WINDOWS\system32\çasks

2007-05-23 14:11 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\çasks

2007-05-23 13:25 <DIR> d-------- E:\Mozilla Firefox

2007-05-23 13:25 <DIR> d-------- E:\Lavasoft

2007-05-23 13:24 <DIR> d-------- E:\Spyware Doctor

2007-05-23 13:24 <DIR> d-------- E:\Spybot - Search & Destroy

2007-05-23 13:11 <DIR> d-------- E:\WINDOWS\Prefetch

2007-05-23 13:04 221,184 --a------ E:\WINDOWS\system32\wmpns.dll

2007-05-23 13:01 8,192 --a------ E:\WINDOWS\system32\bitsprx2.dll

2007-05-23 13:01 7,168 --a------ E:\WINDOWS\system32\bitsprx3.dll

2007-05-23 13:01 22,528 --a------ E:\WINDOWS\system32\fltMc.exe

2007-05-23 13:01 16,896 --a------ E:\WINDOWS\system32\fltlib.dll

2007-05-23 13:01 124,800 --a------ E:\WINDOWS\system32\drivers\fltMgr.sys

2007-05-23 12:56 27,165 --a------ E:\WINDOWS\system32\drivers\fetnd5.sys

2007-05-23 12:56 <DIR> d-------- E:\WINDOWS\system32\ReinstallBackups

2007-05-23 12:53 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll

2007-05-23 12:53 13,312 --a------ E:\WINDOWS\system32\irclass.dll

2007-05-23 12:41 <DIR> d-------- E:\WINDOWS\Provisioning

2007-05-23 12:41 <DIR> d-------- E:\WINDOWS\PeerNet

2007-05-23 12:41 <DIR> d-------- E:\WINDOWS\ehome

2007-05-23 12:38 76,544 --a------ E:\WINDOWS\system32\drivers\viaudio.sys

2007-05-23 12:38 <DIR> d-------- E:\WINDOWS\setup.pss

2007-05-22 00:55 465,176 --a------ E:\WINDOWS\system32\wuapi.dll

2007-05-22 00:55 41,240 --a------ E:\WINDOWS\system32\wups.dll

2007-05-22 00:55 194,328 --a------ E:\WINDOWS\system32\wuaueng1.dll

2007-05-22 00:55 18,200 --a------ E:\WINDOWS\system32\wups2.dll

2007-05-22 00:55 172,312 --a------ E:\WINDOWS\system32\wuauclt1.exe

2007-05-22 00:55 127,256 --a------ E:\WINDOWS\system32\wucltui.dll

2007-05-22 00:54 <DIR> d-------- E:\WINDOWS\SoftwareDistribution

2007-05-20 20:49 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard

2007-05-20 18:37 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy

2007-05-20 14:14 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\Lavasoft

2007-05-20 13:35 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\Google

2007-05-19 18:55 <DIR> d-------- E:\DOCUME~1\SAUMYA~1.SHR\APPLIC~1\Google

2007-05-19 11:03 <DIR> d-------- E:\WINDOWS\pss

2007-05-18 22:24 83,536 --a------ E:\WINDOWS\system32\drivers\iksyssec.sys

2007-05-18 22:24 626,688 --a------ E:\WINDOWS\system32\msvcr80.dll

2007-05-18 22:24 59,984 --a------ E:\WINDOWS\system32\drivers\iksysflt.sys

2007-05-18 22:24 52,304 --a------ E:\WINDOWS\system32\drivers\ikfilesec.sys

2007-05-18 22:24 499,712 --a------ E:\WINDOWS\system32\msvcp71.dll

2007-05-18 22:24 39,248 --a------ E:\WINDOWS\system32\drivers\ikfileflt.sys

2007-05-18 22:24 348,160 --a------ E:\WINDOWS\system32\msvcr71.dll

2007-05-18 22:24 26,064 --a------ E:\WINDOWS\system32\drivers\kcom.sys

2007-05-18 22:24 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\PC Tools

2007-05-18 22:22 2,560 --------- E:\WINDOWS\system32\drivers\cdralw2k.sys

2007-05-18 22:22 2,432 --------- E:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-05-18 22:21 <DIR> d-------- E:\Program Files\Picasa2

2007-05-18 22:20 <DIR> d-------- E:\WINDOWS\system32\runtime

2007-05-18 22:20 <DIR> d-------- E:\Program Files\Norton Security Scan

2007-05-18 22:19 <DIR> d-------- E:\Program Files\Google

2007-05-18 22:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater

2007-05-18 22:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google

2007-05-18 21:57 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\Talkback

2007-05-15 10:49 0 --a------ E:\WINDOWS\nsreg.dat

2007-05-15 10:49 <DIR> d-------- E:\DOCUME~1\SAUMYA~1.SHR\APPLIC~1\Talkback

2007-05-14 17:31 <DIR> d--hs---- E:\WINDOWS\CSC

2007-05-11 20:52 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\Incomplete

2007-05-11 20:51 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\LimeWire

2007-05-11 17:27 <DIR> d-------- E:\Program Files\Ahead

2007-05-11 12:10 24,504 --a------ E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-05-08 22:06 524,288 --ah----- E:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-05-08 20:46 <DIR> d--h----- E:\BJPrinter

2007-05-03 19:07 501 --a------ E:\WINDOWS\eReg.dat

2007-05-03 08:34 24,504 --a------ E:\DOCUME~1\SAUMYA~1.SHR\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-04-30 17:43 86,016 --a------ E:\WINDOWS\unvise32qt.exe

2007-04-30 17:42 <DIR> d-------- E:\WINDOWS\system32\QuickTime

2007-04-29 17:07 7,552 --a------ E:\WINDOWS\system32\drivers\SONYPVU1.SYS

2007-04-29 13:36 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime

2007-04-29 13:34 <DIR> d-------- E:\WINDOWS\Downloaded Installations

2007-04-28 10:09 <DIR> d-------- E:\Program Files\Microsoft ActiveSync

2007-04-28 10:08 <DIR> d--h----- E:\WINDOWS\ShellNew

2007-04-27 12:52 98,304 --a------ E:\WINDOWS\system32\msir3jp.dll

2007-04-27 12:52 838,144 --a------ E:\WINDOWS\system32\chtbrkr.dll

2007-04-27 12:52 811,064 --a------ E:\WINDOWS\system32\imjp81k.dll

2007-04-27 12:52 76,288 --a------ E:\WINDOWS\system32\uniime.dll

2007-04-27 12:52 70,656 --a------ E:\WINDOWS\system32\korwbrkr.dll

2007-04-27 12:52 6,656 --a------ E:\WINDOWS\system32\c_is2022.dll

2007-04-27 12:52 218,112 --a------ E:\WINDOWS\system32\c_g18030.dll

2007-04-27 12:52 1,677,824 --a------ E:\WINDOWS\system32\chsbrkr.dll

2007-04-27 09:32 5,632 --a------ E:\WINDOWS\system32\CNMVS3y.DLL

2007-04-27 09:32 36,864 --a------ E:\WINDOWS\system32\CNMCP3Y.EXE

2007-04-27 09:29 97,280 --------- E:\WINDOWS\system32\CNMLM3y.DLL

2007-04-27 08:45 <DIR> d---s---- E:\DOCUME~1\SAUMYA~1.SHR\UserData

2007-04-27 08:42 <DIR> d--h----- E:\WINDOWS\PIF

2007-04-26 09:07 69,632 --a------ E:\WINDOWS\system32\lfgif13n.dll

2007-04-26 09:07 57,344 --a------ E:\WINDOWS\system32\lfbmp13n.dll

2007-04-26 09:07 462,848 --a------ E:\WINDOWS\system32\ltkrn13n.dll

2007-04-26 09:07 450,560 --a------ E:\WINDOWS\system32\ltimg13n.dll

2007-04-26 09:07 401,408 --a------ E:\WINDOWS\system32\lfcmp13n.dll

2007-04-26 09:07 299,008 --a------ E:\WINDOWS\system32\ltdis13n.dll

2007-04-26 09:07 206,336 --a------ E:\WINDOWS\system32\ltefx13n.dll

2007-04-26 09:07 163,840 --a------ E:\WINDOWS\system32\ltfil13n.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-05-23 08:41:40 -------- d-----w E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\?asks

2007-05-23 07:30:08 22,720 ----a-w E:\WINDOWS\system32\emptyregdb.dat

2007-04-23 17:21:10 1,272 ----a-w E:\WINDOWS\unins000.dat

2007-04-23 17:21:04 -------- d-----w E:\Program Files\Yahoo!

2007-04-23 15:31:56 -------- d-----w E:\Program Files\S3

2007-04-12 12:20:16 2,783,048 ----a-w E:\WINDOWS\system32\GPhotos.scr

2007-03-15 06:53:16 497,496 ----a-w E:\WINDOWS\system32\XceedZip.dll

2007-03-15 06:49:58 526,184 ----a-w E:\WINDOWS\system32\XceedCry.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-06 09:28]

{19C1A463-6F81-465C-A33D-6FE33AEEF298}=E:\WINDOWS\System32\ojgw.dll []

{19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC}=E:\WINDOWS\System32\rgzjset.dll []

{49C1AD35-6980-1B57-A33D-6FE33AEEA9CC}=E:\WINDOWS\System32\jrle.dll []

{AA58ED58-01DD-4d91-8333-CF10577473F7}=e:\program files\google\googletoolbar1.dll [2007-05-18 22:19]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-18 22:19]

{CE721A1A-DDAA-FF2D-D97A-8BADDEB07498}=E:\WINDOWS\system32\pniucqre.dll [2007-05-21 19:29]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DSLAGENTEXE"="E:\Program Files\Huawei\MT882\dslagent.exe" [2003-10-31 15:26]

"SoundMan"="soundman.exe" []

"S3TRAY2"="S3tray2.exe" [2001-10-12 11:02 E:\WINDOWS\system32\S3tray2.exe]

"QuickTime Task"="G:\QuickTime\qttask.exe" [2007-04-30 17:43]

"NeroCheck"="E:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 16:20]

"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]

"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 17:30]

"IMEKRMIG6.1"="E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 17:30]

"MSPY2002"="E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 17:30]

"PHIME2002ASync"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 17:30]

"PHIME2002A"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 17:30]

"!AVG Anti-Spyware"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 17:50]

"SNM"="E:\Program Files\SpyNoMore\SNM.exe" [2007-04-14 20:25]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

"Aate"="E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" []

"Atca"="E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1\nopdb.exe" []

"Drrmb"="E:\Program Files\?ymbols\r?ndll.exe" []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 19:43]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Program Files\Ares Galaxy P2P Plus\Ares.exe" -h

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-18 16:50:10 E:\WINDOWS\tasks\Norton Security Scan.job

 

********************************************************************

 

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-25 20:07:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

disk error: E:\WINDOWS\

 

please note that you need administrator rights to perform deep scan

 

********************************************************************

 

Completion time: 2007-05-25 20:09:05 - machine was rebooted

E:\ComboFix-quarantined-files.txt ... 2007-05-25 20:08

 

--- E O F ---

 

 

 

Hijack This :

 

Logfile of HijackThis v1.99.1

Scan saved at 8:11:24 PM, on 5/25/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\Program Files\Huawei\MT882\dslagent.exe

E:\WINDOWS\system32\S3tray2.exe

G:\QuickTime\qttask.exe

E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

E:\Program Files\SpyNoMore\SNM.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

E:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\LimeWire\LimeWire.exe

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\system32\notepad.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Documents and Settings\smit.SHRENIK\Desktop\hijackthis\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)

O2 - BHO: (no name) - {19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC} - E:\WINDOWS\System32\rgzjset.dll (file missing)

O2 - BHO: (no name) - {49C1AD35-6980-1B57-A33D-6FE33AEEA9CC} - E:\WINDOWS\System32\jrle.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: (no name) - {CE721A1A-DDAA-FF2D-D97A-8BADDEB07498} - E:\WINDOWS\system32\pniucqre.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DSLAGENTEXE] E:\Program Files\Huawei\MT882\dslagent.exe

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [QuickTime Task] "G:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [sNM] E:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb

O4 - HKCU\..\Run: [Atca] "E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1\nopdb.exe" -vt yazb

O4 - HKCU\..\Run: [Drrmb] "E:\Program Files\?ymbols\r?ndll.exe"

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Google Updater.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\System32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179907566560

O17 - HKLM\System\CCS\Services\Tcpip\..\{482E0750-E281-4654-A3EE-E83B7CF6A1A0}: NameServer = 61.1.96.69,61.1.96.71

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - E:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - E:\Program Files\Spyware Doctor\swdsvc.exe (file missing)


* Please remove these entries from Add/Remove Programs in the Control Panel (if present):

To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.

Spynomore

Oin

Yazzle by Oin

YazzleActiveX By OIN

Purityscan by Oin

MediaTickets by OIN

Snowballwars by Oin

Cowabanga by OIN

or anything similar with Oin in it.

 

Reboot when done! Really important!

 

After that, rerun combofix and post the report here with a new hijackthis log.


Here's the scan after removing the products of OI

 

"smit" - 2007-05-26 14:02:03 Service Pack 2

ComboFix 07-05.25.3V - Running from: "E:\Documents and Settings\smit.SHRENIK\Desktop\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-26 ))))))))))))))))))))))))))))))))))

 

 

2007-05-26 11:50 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\DivX

2007-05-26 11:42 129,784 --------- E:\WINDOWS\system32\pxafs.dll

2007-05-26 11:42 118,520 --------- E:\WINDOWS\system32\pxinsi64.exe

2007-05-26 11:42 116,472 --------- E:\WINDOWS\system32\pxcpyi64.exe

2007-05-26 11:42 <DIR> d-------- E:\Program Files\DivX

2007-05-25 20:09 49,152 --a------ E:\WINDOWS\nircmd.exe

2007-05-25 19:41 1,152 --a------ E:\WINDOWS\system32\windrv.sys

2007-05-25 18:47 1,156 --a------ E:\WINDOWS\mozver.dat

2007-05-25 18:43 <DIR> d-------- E:\WINDOWS\system32\SoftwareDistribution

2007-05-25 10:11 60,928 --a------ E:\WINDOWS\system32\pniucqre.dll

2007-05-23 14:13 3,968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-23 14:11 <DIR> d-------- E:\WINDOWS\system32\çasks

2007-05-23 14:11 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\çasks

2007-05-23 13:25 <DIR> d-------- E:\Mozilla Firefox

2007-05-23 13:25 <DIR> d-------- E:\Lavasoft

2007-05-23 13:24 <DIR> d-------- E:\Spyware Doctor

2007-05-23 13:24 <DIR> d-------- E:\Spybot - Search & Destroy

2007-05-23 13:11 <DIR> d-------- E:\WINDOWS\Prefetch

2007-05-23 13:04 221,184 --a------ E:\WINDOWS\system32\wmpns.dll

2007-05-23 13:01 8,192 --a------ E:\WINDOWS\system32\bitsprx2.dll

2007-05-23 13:01 7,168 --a------ E:\WINDOWS\system32\bitsprx3.dll

2007-05-23 13:01 22,528 --a------ E:\WINDOWS\system32\fltMc.exe

2007-05-23 13:01 16,896 --a------ E:\WINDOWS\system32\fltlib.dll

2007-05-23 13:01 124,800 --a------ E:\WINDOWS\system32\drivers\fltMgr.sys

2007-05-23 12:56 27,165 --a------ E:\WINDOWS\system32\drivers\fetnd5.sys

2007-05-23 12:56 <DIR> d-------- E:\WINDOWS\system32\ReinstallBackups

2007-05-23 12:53 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll

2007-05-23 12:53 13,312 --a------ E:\WINDOWS\system32\irclass.dll

2007-05-23 12:41 <DIR> d-------- E:\WINDOWS\Provisioning

2007-05-23 12:41 <DIR> d-------- E:\WINDOWS\PeerNet

2007-05-23 12:41 <DIR> d-------- E:\WINDOWS\ehome

2007-05-23 12:38 76,544 --a------ E:\WINDOWS\system32\drivers\viaudio.sys

2007-05-23 12:38 <DIR> d-------- E:\WINDOWS\setup.pss

2007-05-22 00:55 465,176 --a------ E:\WINDOWS\system32\wuapi.dll

2007-05-22 00:55 41,240 --a------ E:\WINDOWS\system32\wups.dll

2007-05-22 00:55 194,328 --a------ E:\WINDOWS\system32\wuaueng1.dll

2007-05-22 00:55 18,200 --a------ E:\WINDOWS\system32\wups2.dll

2007-05-22 00:55 172,312 --a------ E:\WINDOWS\system32\wuauclt1.exe

2007-05-22 00:55 127,256 --a------ E:\WINDOWS\system32\wucltui.dll

2007-05-22 00:54 <DIR> d-------- E:\WINDOWS\SoftwareDistribution

2007-05-20 20:49 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard

2007-05-20 18:37 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy

2007-05-20 14:14 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\Lavasoft

2007-05-20 13:35 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\Google

2007-05-19 18:55 <DIR> d-------- E:\DOCUME~1\SAUMYA~1.SHR\APPLIC~1\Google

2007-05-19 11:03 <DIR> d-------- E:\WINDOWS\pss

2007-05-18 22:24 83,536 --a------ E:\WINDOWS\system32\drivers\iksyssec.sys

2007-05-18 22:24 626,688 --a------ E:\WINDOWS\system32\msvcr80.dll

2007-05-18 22:24 59,984 --a------ E:\WINDOWS\system32\drivers\iksysflt.sys

2007-05-18 22:24 52,304 --a------ E:\WINDOWS\system32\drivers\ikfilesec.sys

2007-05-18 22:24 499,712 --a------ E:\WINDOWS\system32\msvcp71.dll

2007-05-18 22:24 39,248 --a------ E:\WINDOWS\system32\drivers\ikfileflt.sys

2007-05-18 22:24 348,160 --a------ E:\WINDOWS\system32\msvcr71.dll

2007-05-18 22:24 26,064 --a------ E:\WINDOWS\system32\drivers\kcom.sys

2007-05-18 22:24 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\PC Tools

2007-05-18 22:22 2,560 --------- E:\WINDOWS\system32\drivers\cdralw2k.sys

2007-05-18 22:22 2,432 --------- E:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-05-18 22:21 <DIR> d-------- E:\Program Files\Picasa2

2007-05-18 22:20 <DIR> d-------- E:\WINDOWS\system32\runtime

2007-05-18 22:20 <DIR> d-------- E:\Program Files\Norton Security Scan

2007-05-18 22:19 <DIR> d-------- E:\Program Files\Google

2007-05-18 22:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google Updater

2007-05-18 22:19 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google

2007-05-18 21:57 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\Talkback

2007-05-15 10:49 0 --a------ E:\WINDOWS\nsreg.dat

2007-05-15 10:49 <DIR> d-------- E:\DOCUME~1\SAUMYA~1.SHR\APPLIC~1\Talkback

2007-05-14 17:31 <DIR> d--hs---- E:\WINDOWS\CSC

2007-05-11 23:24 524,288 --a------ E:\WINDOWS\system32\DivXsm.exe

2007-05-11 20:52 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\Incomplete

2007-05-11 20:51 <DIR> d-------- E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\LimeWire

2007-05-11 17:27 <DIR> d-------- E:\Program Files\Ahead

2007-05-11 12:10 24,504 --a------ E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-05-11 10:07 823,296 --a------ E:\WINDOWS\system32\divx_xx0c.dll

2007-05-11 10:07 823,296 --a------ E:\WINDOWS\system32\divx_xx07.dll

2007-05-11 10:07 802,816 --a------ E:\WINDOWS\system32\divx_xx11.dll

2007-05-11 10:07 740,442 --a------ E:\WINDOWS\system32\DivX.dll

2007-05-08 22:06 524,288 --ah----- E:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-05-08 20:46 <DIR> d--h----- E:\BJPrinter

2007-05-03 19:07 501 --a------ E:\WINDOWS\eReg.dat

2007-05-03 08:34 24,504 --a------ E:\DOCUME~1\SAUMYA~1.SHR\APPLIC~1\GDIPFONTCACHEV1.DAT

2007-04-30 17:43 86,016 --a------ E:\WINDOWS\unvise32qt.exe

2007-04-30 17:42 <DIR> d-------- E:\WINDOWS\system32\QuickTime

2007-04-29 17:07 7,552 --a------ E:\WINDOWS\system32\drivers\SONYPVU1.SYS

2007-04-29 13:36 <DIR> d-------- E:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime

2007-04-29 13:34 <DIR> d-------- E:\WINDOWS\Downloaded Installations

2007-04-28 10:09 <DIR> d-------- E:\Program Files\Microsoft ActiveSync

2007-04-28 10:08 <DIR> d--h----- E:\WINDOWS\ShellNew

2007-04-27 12:52 98,304 --a------ E:\WINDOWS\system32\msir3jp.dll

2007-04-27 12:52 838,144 --a------ E:\WINDOWS\system32\chtbrkr.dll

2007-04-27 12:52 811,064 --a------ E:\WINDOWS\system32\imjp81k.dll

2007-04-27 12:52 76,288 --a------ E:\WINDOWS\system32\uniime.dll

2007-04-27 12:52 70,656 --a------ E:\WINDOWS\system32\korwbrkr.dll

2007-04-27 12:52 6,656 --a------ E:\WINDOWS\system32\c_is2022.dll

2007-04-27 12:52 218,112 --a------ E:\WINDOWS\system32\c_g18030.dll

2007-04-27 12:52 1,677,824 --a------ E:\WINDOWS\system32\chsbrkr.dll

2007-04-27 09:32 5,632 --a------ E:\WINDOWS\system32\CNMVS3y.DLL

2007-04-27 09:32 36,864 --a------ E:\WINDOWS\system32\CNMCP3Y.EXE

2007-04-27 09:29 97,280 --------- E:\WINDOWS\system32\CNMLM3y.DLL

2007-04-27 08:45 <DIR> d---s---- E:\DOCUME~1\SAUMYA~1.SHR\UserData

2007-04-27 08:42 <DIR> d--h----- E:\WINDOWS\PIF

2007-04-26 09:07 69,632 --a------ E:\WINDOWS\system32\lfgif13n.dll

2007-04-26 09:07 57,344 --a------ E:\WINDOWS\system32\lfbmp13n.dll

2007-04-26 09:07 462,848 --a------ E:\WINDOWS\system32\ltkrn13n.dll

2007-04-26 09:07 450,560 --a------ E:\WINDOWS\system32\ltimg13n.dll

2007-04-26 09:07 401,408 --a------ E:\WINDOWS\system32\lfcmp13n.dll

2007-04-26 09:07 299,008 --a------ E:\WINDOWS\system32\ltdis13n.dll

2007-04-26 09:07 206,336 --a------ E:\WINDOWS\system32\ltefx13n.dll

2007-04-26 09:07 163,840 --a------ E:\WINDOWS\system32\ltfil13n.dll

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-05-23 08:41:40 -------- d-----w E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\?asks

2007-05-23 07:30:08 22,720 ----a-w E:\WINDOWS\system32\emptyregdb.dat

2007-04-23 17:21:10 1,272 ----a-w E:\WINDOWS\unins000.dat

2007-04-23 17:21:04 -------- d-----w E:\Program Files\Yahoo!

2007-04-23 15:31:56 -------- d-----w E:\Program Files\S3

2007-04-23 00:15:30 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll

2007-04-23 00:15:26 36,624 ------w E:\WINDOWS\system32\drivers\pxhelp20.sys

2007-04-23 00:15:20 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll

2007-04-23 00:15:20 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll

2007-04-23 00:02:36 73,728 ----a-w E:\WINDOWS\system32\dpl100.dll

2007-04-23 00:02:36 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll

2007-04-23 00:02:34 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll

2007-04-23 00:02:32 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll

2007-04-23 00:02:32 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll

2007-04-23 00:02:32 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll

2007-04-23 00:02:32 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll

2007-04-23 00:02:32 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll

2007-04-23 00:01:48 124,472 ----a-w E:\WINDOWS\system32\DivXCodecUpdateChecker.exe

2007-04-23 00:01:48 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll

2007-04-12 12:20:16 2,783,048 ----a-w E:\WINDOWS\system32\GPhotos.scr

2007-03-15 06:53:16 497,496 ----a-w E:\WINDOWS\system32\XceedZip.dll

2007-03-15 06:49:58 526,184 ----a-w E:\WINDOWS\system32\XceedCry.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{02478D38-C3F9-4EFB-9B51-7695ECA05670}=E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-06 09:28]

{19C1A463-6F81-465C-A33D-6FE33AEEF298}=E:\WINDOWS\System32\ojgw.dll []

{19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC}=E:\WINDOWS\System32\rgzjset.dll []

{49C1AD35-6980-1B57-A33D-6FE33AEEA9CC}=E:\WINDOWS\System32\jrle.dll []

{AA58ED58-01DD-4d91-8333-CF10577473F7}=e:\program files\google\googletoolbar1.dll [2007-05-18 22:19]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-18 22:19]

{CE721A1A-DDAA-FF2D-D97A-8BADDEB07498}=E:\WINDOWS\system32\pniucqre.dll [2007-05-21 19:29]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DSLAGENTEXE"="E:\Program Files\Huawei\MT882\dslagent.exe" [2003-10-31 15:26]

"SoundMan"="soundman.exe" []

"S3TRAY2"="S3tray2.exe" [2001-10-12 11:02 E:\WINDOWS\system32\S3tray2.exe]

"QuickTime Task"="G:\QuickTime\qttask.exe" [2007-04-30 17:43]

"NeroCheck"="E:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 16:20]

"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]

"IMJPMIG8.1"="E:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 17:30]

"IMEKRMIG6.1"="E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 17:30]

"MSPY2002"="E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 17:30]

"PHIME2002ASync"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 17:30]

"PHIME2002A"="E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 17:30]

"SNM"="E:\Program Files\SpyNoMore\SNM.exe" []

"Google Desktop Search"="E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-26 11:43]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

"Aate"="E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" []

"Atca"="E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1\nopdb.exe" []

"Drrmb"="E:\Program Files\?ymbols\r?ndll.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 19:43]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=E:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

"C:\Program Files\Ares Galaxy P2P Plus\Ares.exe" -h

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-18 16:50:10 E:\WINDOWS\tasks\Norton Security Scan.job

 

********************************************************************

 

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-26 14:22:23

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

disk error: E:\WINDOWS\

 

please note that you need administrator rights to perform deep scan

 

********************************************************************

 

Completion time: 2007-05-26 14:24:06 - machine was rebooted

E:\ComboFix2.txt ... 2007-05-25 20:09

E:\ComboFix-quarantined-files.txt ... 2007-05-26 14:23

 

--- E O F ---

 

 

Hijack This :

 

Logfile of HijackThis v1.99.1

Scan saved at 2:28:03 PM, on 5/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\WINDOWS\system32\wscntfy.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Huawei\MT882\dslagent.exe

E:\WINDOWS\system32\S3tray2.exe

G:\QuickTime\qttask.exe

E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

E:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\LimeWire\LimeWire.exe

E:\WINDOWS\system32\notepad.exe

E:\Documents and Settings\smit.SHRENIK\Desktop\hijackthis\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)

O2 - BHO: (no name) - {19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC} - E:\WINDOWS\System32\rgzjset.dll (file missing)

O2 - BHO: (no name) - {49C1AD35-6980-1B57-A33D-6FE33AEEA9CC} - E:\WINDOWS\System32\jrle.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: (no name) - {CE721A1A-DDAA-FF2D-D97A-8BADDEB07498} - E:\WINDOWS\system32\pniucqre.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DSLAGENTEXE] E:\Program Files\Huawei\MT882\dslagent.exe

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [QuickTime Task] "G:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sNM] E:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb

O4 - HKCU\..\Run: [Atca] "E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1\nopdb.exe" -vt yazb

O4 - HKCU\..\Run: [Drrmb] "E:\Program Files\?ymbols\r?ndll.exe"

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Google Updater.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\System32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179907566560

O17 - HKLM\System\CCS\Services\Tcpip\..\{482E0750-E281-4654-A3EE-E83B7CF6A1A0}: NameServer = 61.1.96.69,61.1.96.71

O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - E:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - E:\Program Files\Spyware Doctor\swdsvc.exe (file missing)


* Download OTMoveIt.exe from here and place it on your desktop:

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

 

* Open OTMoveIt.exe.

In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste the following:

 

E:\WINDOWS\unvise32qt.exe

E:\WINDOWS\system32\pniucqre.dll

 

Then click the MoveIt button below.

In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.

When done, it will create a log (********_******.log -- * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.

Copy and paste this log in your next reply with a new hijackthis log.


OTMoveIt log:

File/Folder not found.

E:\WINDOWS\unvise32qt.exe moved successfully.

E:\WINDOWS\system32\pniucqre.dll unregistered successfully.

E:\WINDOWS\system32\pniucqre.dll moved successfully.

 

Created on 05/26/2007 20:11:55

 

 

Logfile of HijackThis v1.99.1

Scan saved at 8:14:49 PM, on 5/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\wscntfy.exe

E:\Program Files\Huawei\MT882\dslagent.exe

E:\WINDOWS\system32\S3tray2.exe

G:\QuickTime\qttask.exe

E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

E:\Program Files\Messenger\msmsgs.exe

E:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\LimeWire\LimeWire.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Documents and Settings\smit.SHRENIK\Desktop\hijackthis\HijackThis.exe

 

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)

O2 - BHO: (no name) - {19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC} - E:\WINDOWS\System32\rgzjset.dll (file missing)

O2 - BHO: (no name) - {49C1AD35-6980-1B57-A33D-6FE33AEEA9CC} - E:\WINDOWS\System32\jrle.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [DSLAGENTEXE] E:\Program Files\Huawei\MT882\dslagent.exe

O4 - HKLM\..\Run: [soundMan] soundman.exe

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [QuickTime Task] "G:\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] E:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sNM] E:\Program Files\SpyNoMore\SNM.exe /startup

O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb

O4 - HKCU\..\Run: [Atca] "E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1\nopdb.exe" -vt yazb

O4 - HKCU\..\Run: [Drrmb] "E:\Program Files\?ymbols\r?ndll.exe"

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Google Updater.lnk = E:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\System32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by142fd.bay142.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179907566560

O17 - HKLM\System\CCS\Services\Tcpip\..\{482E0750-E281-4654-A3EE-E83B7CF6A1A0}: NameServer = 61.1.96.69,61.1.96.71

O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - E:\Program Files\Spyware Doctor\svcntaux.exe (file missing)

O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - E:\Program Files\Spyware Doctor\swdsvc.exe (file missing)


* Please open hijackthis and put a check next to the following:

 

O2 - BHO: (no name) - {19C1A463-6F81-465C-A33D-6FE33AEEF298} - E:\WINDOWS\System32\ojgw.dll (file missing)

O2 - BHO: (no name) - {19C2FA35-3B80-1D0D-A33D-6FE33AEEAACC} - E:\WINDOWS\System32\rgzjset.dll (file missing)

O2 - BHO: (no name) - {49C1AD35-6980-1B57-A33D-6FE33AEEA9CC} - E:\WINDOWS\System32\jrle.dll (file missing)

O4 - HKCU\..\Run: [Aate] "E:\DOCUME~1\SMIT~1.SHR\MYDOCU~1\STEM~1\cmd.exe" -vt yazb

O4 - HKCU\..\Run: [Atca] "E:\DOCUME~1\SMIT~1.SHR\APPLIC~1\ASKS~1\nopdb.exe" -vt yazb

O4 - HKCU\..\Run: [Drrmb] "E:\Program Files\?ymbols\r?ndll.exe"

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

* After that, reboot your system and post a new hijackthis log here and tell me how everything is working.
