Author Topic: spyware or malware help?  (Read 14685 times)

flameking

    Topic Starter


    Beginner

    spyware or malware help?
    « on: February 26, 2009, 10:48:33 PM »
    O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - (no file)
    That's from the HijackThis log.


    Apple software Update         (size  2.16 MB)
    AVS4YOU software Navigator       (1.2 MB)
    DOA                        (no size)
    Microsoft .NET Framework 1.1         (no size)
    Microsoft .NET Framework 1.1 Hotfix [KB928366]      (no size)
    Microsoft .NET Framework 2.0                 (59.28 MB)
    MSXML 1.0 SP2[KB954430]      (2.67MB)
    Security Task Manager 1.7g         (1.99MB)
    Security Update for Windows Media Encoder [KB954156]       (10.84MB)
    Windows Search 4.0    (no size)

    These programs, I don't know what they are. This is step 1.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:53:44 AM, on 2/25/2009
    Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\SUPERMICRO\SDIII\NTService.exe
    C:\WINDOWS\system32\SD3Service.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\WinVNC.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\ATI Multimedia\main\launchpd.exe
    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Supero Doctor III Client.lnk = C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
    O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - (no file)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\NTService.exe
    O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\WINDOWS\system32\SD3Service.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\WINDOWS\system32\WinVNC.exe
    O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe

    --
    End of file - 9923 bytes


    « Last Edit: February 27, 2009, 01:57:18 PM by evilfantasy »

    harry 48



    Re: spyware or malware help?
    « Reply #1 on: February 27, 2009, 01:45:23 PM »
    Go to the top of this page (evilfantasy's 1st post) and post all the logs and an expert will look at them.

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: spyware or malware help?
    « Reply #2 on: February 27, 2009, 02:01:06 PM »
    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    - R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    - O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    - O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
    - O22 - SharedTaskScheduler: causes - {0fe36c74-667b-454b-828e-75e4e72cbef8} - (no file)


    Important: Close all windows except for HijackThis and then click Fix checked.

    Exit HijackThis.

    ----------

    Download Malwarebytes' Anti-Malware (MBAM)

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



      flameking

        Topic Starter


        Beginner

        Re: spyware or malware help?
        « Reply #3 on: February 27, 2009, 08:02:17 PM »
        Scan done and the report.


        Malwarebytes' Anti-Malware 1.34
        Database version: 1812
        Windows 5.1.2600 Service Pack 3, v.5657

        2/27/2009 10:01:21 PM
        mbam-log-2009-02-27 (22-01-21).txt

        Scan type: Quick Scan
        Objects scanned: 75461
        Time elapsed: 5 minute(s), 25 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 4
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 1
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Program Files\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.

        Files Infected:
        (No malicious items detected)


        flameking

          Topic Starter


          Beginner

          Re: spyware or malware help?
          « Reply #4 on: February 27, 2009, 08:04:16 PM »
          Thank you, evilfantasy, for all your help. Thank you so much.

          evilfantasy

          Re: spyware or malware help?
          « Reply #5 on: February 27, 2009, 08:18:46 PM »
          Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

          Link #1
          Link #2

          Note: It is important that it is saved directly to your Desktop.

          Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

          Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
           
          Double click combofix.exe & follow the prompts.
          When finished ComboFix will produce a log for you.
          Post the ComboFix log in your next reply.

          Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

          Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

          If you have problems with ComboFix usage, see How to use ComboFix

          flameking

            Topic Starter


            Beginner

            Re: spyware or malware help?
            « Reply #6 on: February 27, 2009, 08:31:17 PM »
            The link you gave me to disable my anti-virus is not working. I have Bitdefender Total Security 2009. The steps they gave to temporarily disable them are not working. I don't see Virus Shield on my program. Help.

            evilfantasy

            Re: spyware or malware help?
            « Reply #7 on: February 27, 2009, 08:33:45 PM »
            Try running ComboFix anyway. Just allow it to run if BitDefender tries to stop it.

            flameking

              Topic Starter


              Beginner

              Re: spyware or malware help?
              « Reply #8 on: February 27, 2009, 08:34:03 PM »
              Is this an anti-virus program?

              Bitdefender Total Security 2009

              flameking

                Topic Starter


                Beginner

                Re: spyware or malware help?
                « Reply #9 on: February 27, 2009, 08:49:47 PM »
                There you go.


                ComboFix 09-02-27.02 - Administrator 2009-02-27 22:42:30.1 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.636 [GMT -5:00]
                Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
                AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
                FW: BitDefender Firewall *disabled*
                 * Created a new restore point

                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
                c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe
                c:\windows\system32\winio.dll

                .
                (((((((((((((((((((((((((   Files Created from 2009-01-28 to 2009-02-28  )))))))))))))))))))))))))))))))
                .

                2009-02-27 22:41 . 2009-02-27 22:41   731   --a--c---   c:\windows\system32\BDUpdateV1.xml
                2009-02-27 21:54 . 2009-02-27 21:54   <DIR>   d----c---   c:\program files\Malwarebytes' Anti-Malware
                2009-02-27 21:54 . 2009-02-27 21:54   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\Malwarebytes
                2009-02-27 21:54 . 2009-02-27 21:54   <DIR>   d----c---   c:\documents and settings\Administrator\Application Data\Malwarebytes
                2009-02-27 21:54 . 2009-02-11 10:19   38,496   --a--c---   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-02-27 21:54 . 2009-02-11 10:19   15,504   --a--c---   c:\windows\system32\drivers\mbam.sys
                2009-02-25 09:53 . 2009-02-25 09:53   <DIR>   d----c---   c:\program files\Trend Micro
                2009-02-24 23:57 . 2009-02-24 23:57   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
                2009-02-19 09:58 . 2009-02-19 10:01   <DIR>   d----c---   c:\program files\RegCure
                2009-02-19 09:39 . 2009-02-22 19:02   <DIR>   d----c---   c:\program files\Security Task Manager
                2009-02-19 09:39 . 2009-02-19 09:49   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\SecTaskMan
                2009-02-16 00:14 . 2009-02-16 00:17   <DIR>   d----c---   c:\documents and settings\Administrator\Application Data\ErrorFix
                2009-02-16 00:06 . 2009-02-16 00:06   23,392   --a--c---   c:\windows\system32\nscompat.tlb
                2009-02-16 00:06 . 2009-02-16 00:06   16,832   --a--c---   c:\windows\system32\amcompat.tlb
                2009-02-14 19:16 . 2009-02-14 19:16   <DIR>   d----c---   c:\documents and settings\Administrator\Application Data\Xilisoft Corporation
                2009-02-14 19:15 . 2009-02-14 19:15   <DIR>   d----c---   c:\program files\Xilisoft
                2009-02-14 17:52 . 2009-02-14 17:52   <DIR>   d----c---   c:\documents and settings\Guest\Application Data\Windows Desktop Search
                2009-02-14 17:52 . 2009-02-14 17:52   <DIR>   d----c---   c:\documents and settings\Guest\Application Data\BitDefender
                2009-02-12 13:50 . 2006-10-26 19:56   32,592   --a--c---   c:\windows\system32\msonpmon.dll
                2009-02-12 13:47 . 2009-02-12 13:47   <DIR>   d----c---   c:\program files\Microsoft Works
                2009-02-12 13:46 . 2009-02-12 13:46   <DIR>   d----c---   c:\program files\MSBuild
                2009-02-12 13:43 . 2009-02-12 13:43   <DIR>   d----c---   c:\program files\Microsoft.NET
                2009-02-12 13:40 . 2009-02-12 13:40   <DIR>   d----c---   c:\program files\Microsoft Visual Studio 8
                2009-02-12 13:39 . 2009-02-12 13:45   <DIR>   d----c---   c:\windows\SHELLNEW
                2009-02-12 13:38 . 2009-02-12 13:51   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\Microsoft Help
                2009-02-12 13:37 . 2009-02-12 13:37   <DIR>   dr-h-c---   C:\MSOCache
                2009-02-12 13:25 . 2009-02-12 13:25   <DIR>   d----c---   C:\ConverterOutput
                2009-02-12 13:24 . 2009-02-12 13:24   <DIR>   d----c---   c:\program files\Cucusoft
                2009-02-12 13:24 . 2007-03-25 00:51   3,049,984   --a--c---   c:\windows\system32\libavcodec.dll
                2009-02-12 13:24 . 2007-03-25 21:40   2,174,976   --a--c---   c:\windows\system32\ffdshow.ax
                2009-02-12 13:24 . 2007-03-25 00:51   404,480   --a--c---   c:\windows\system32\libmplayer.dll
                2009-02-12 13:24 . 2007-01-01 05:30   200,704   --a--c---   c:\windows\system32\TomsMoComp_ff.dll
                2009-02-12 13:24 . 2006-07-08 04:07   114,688   --a--c---   c:\windows\system32\PropListCtrl.ocx
                2009-02-12 13:24 . 2007-03-25 00:51   114,688   --a--c---   c:\windows\system32\libmpeg2_ff.dll
                2009-02-12 13:24 . 2004-09-10 13:50   34,820   --a--c---   c:\windows\system32\ffdshow.reg
                2009-02-12 09:43 . 2009-02-24 15:19   <DIR>   d----c---   c:\program files\PeerGuardian2
                2009-02-11 16:38 . 2009-02-27 22:42   121   --a--c---   c:\windows\bdagent.INI
                2009-02-11 16:37 . 2009-02-11 16:37   <DIR>   d----c---   c:\documents and settings\Administrator\Application Data\Windows Search
                2009-02-11 16:34 . 2009-02-11 16:34   <DIR>   d----c---   c:\windows\system32\GroupPolicy
                2009-02-11 16:34 . 2009-02-11 16:34   <DIR>   d----c---   c:\program files\Windows Desktop Search
                2009-02-11 16:34 . 2009-02-11 16:34   <DIR>   d----c---   c:\documents and settings\Administrator\Application Data\Windows Desktop Search
                2009-02-11 16:32 . 2009-02-16 00:04   <DIR>   d----c---   c:\program files\Windows Media Connect 2
                2009-02-11 16:30 . 2009-02-11 16:31   <DIR>   d----c---   c:\windows\system32\drivers\UMDF
                2009-02-11 16:15 . 2009-02-11 16:15   850   --a--c---   c:\windows\system32\ProductTweaks.xml
                2009-02-11 16:15 . 2009-02-11 16:15   385   --a--c---   c:\windows\system32\user_gensett.xml
                2009-02-11 16:04 . 2009-02-27 22:41   81,984   --a--c---   c:\windows\system32\bdod.bin
                2009-02-11 15:59 . 2009-02-11 15:59   <DIR>   d----c---   c:\windows\system32\logs
                2009-02-11 15:59 . 2009-02-11 15:59   <DIR>   d----c---   c:\program files\BitDefender
                2009-02-11 15:59 . 2009-02-11 16:02   <DIR>   d----c---   c:\documents and settings\All Users\Application Data\BitDefender
                2009-02-11 15:59 . 2009-02-11 15:59   <DIR>   d----c---   c:\documents and settings\Administrator\Application Data\BitDefender
                2009-02-11 15:59 . 2009-02-11 15:59   <DIR>   d----c---   C:\Binaries
                2009-02-11 15:57 . 2009-02-11 15:57   <DIR>   d----c---   c:\windows\system32\URTTemp
                2009-02-11 15:50 . 2009-02-11 15:59   <DIR>   d----c---   c:\program files\Common Files\BitDefender

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-02-28 02:40   ---------   dc----w   c:\program files\lg_fwupdate
                2009-02-27 19:28   ---------   dc----w   c:\documents and settings\Administrator\Application Data\uTorrent
                2009-02-25 05:11   ---------   dc----w   c:\program files\LimeWire
                2009-02-14 23:52   ---------   dc----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
                2009-02-13 04:10   ---------   dc----w   c:\program files\7-Zip
                2009-02-12 14:33   ---------   dc----w   c:\documents and settings\All Users\Application Data\WinZip
                2009-02-11 21:04   104,328   -c--a-w   c:\windows\system32\drivers\bdfndisf.sys
                2009-01-25 20:56   ---------   dc----w   c:\documents and settings\Administrator\Application Data\Apple Computer
                2009-01-23 21:30   ---------   dc----w   c:\program files\Apple Software Update
                2009-01-23 21:30   ---------   dc----w   c:\documents and settings\All Users\Application Data\Apple
                2009-01-20 16:13   ---------   dc----w   c:\program files\DivX
                2009-01-14 19:42   ---------   dc----w   c:\program files\CDisplay
                2009-01-07 19:48   ---------   dc----w   c:\documents and settings\All Users\Application Data\ATI MMC
                2009-01-07 06:44   ---------   dc----w   c:\documents and settings\Administrator\Application Data\vlc
                2008-12-20 23:15   826,368   -c--a-w   c:\windows\system32\wininet.dll
                2008-12-18 16:48   410,984   -c--a-w   c:\windows\system32\deploytk.dll
                2008-12-11 00:33   86,016   -c--a-w   c:\windows\system32\dpl100.dll
                2008-12-11 00:33   200,704   -c--a-w   c:\windows\system32\dtu100.dll
                2008-12-09 02:28   593,920   -c--a-w   c:\windows\system32\dpuGUI11.dll
                2008-12-09 02:28   57,344   -c--a-w   c:\windows\system32\dpv11.dll
                2008-12-09 02:28   344,064   -c--a-w   c:\windows\system32\dpus11.dll
                2008-12-09 02:28   294,912   -c--a-w   c:\windows\system32\dpu11.dll
                2008-10-05 19:53   22,328   -c--a-w   c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
                2004-10-01 19:00   40,960   -c--a-w   c:\program files\Uninstall_CDS.exe
                2002-05-28 12:19   61,440   -c--a-w   c:\windows\inf\i386\onetUSD.dll
                2002-05-20 12:22   36,864   -c--a-w   c:\windows\inf\i386\Vizmicro.dll
                2002-05-20 12:20   172,032   -c--a-w   c:\windows\inf\i386\viceo.dll
                2002-05-20 12:02   225,280   -c--a-w   c:\windows\inf\i386\rtscan.dll
                2001-08-03 22:29   13,824   -c--a-w   c:\windows\inf\i386\Usbscan.sys
                2008-12-16 22:52   61,440   -c--a-w   c:\program files\mozilla firefox\components\FFComm.dll
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-06-15 106571]
                "ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
                "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-12-01 15360]
                "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-04 133104]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
                "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
                "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
                "ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 69705]
                "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 136600]
                "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
                "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
                "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
                "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
                "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-12-29 548864]
                "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-28 185896]
                "OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-05-28 86016]
                "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
                "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
                "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
                "SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                Supero Doctor III Client.lnk - c:\program files\SUPERMICRO\SDIII\SuperoDoctor.exe [2008-07-23 397312]
                Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

                [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
                SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)
                "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                "c:\\Program Files\\uTorrent\\uTorrent.exe"=
                "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
                "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

                R1 ISAIONT;ISAIONT;c:\windows\system32\drivers\IsaIoNt.sys [2008-07-23 3853]
                R1 MemMapNt;MemMapNt;c:\windows\system32\drivers\memmapnt.sys [2008-07-23 3908]
                R1 SMBus;SMBus;c:\windows\system32\drivers\smbus.sys [2008-07-23 10112]
                R1 superbmc;superbmc;c:\windows\system32\drivers\SUPERBMC.SYS [2008-07-23 14169]
                R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-10-06 82696]
                R2 SuperMicro Health Assistant;SuperMicro Health Assistant;c:\program files\SUPERMICRO\SDIII\NTService.exe [2008-07-23 131072]
                R2 Supero SD3Service Daemon;Supero SD3Service Daemon;c:\windows\system32\SD3Service.exe [2008-07-23 40960]
                R2 Xitami;Xitami Web Server;c:\program files\SUPERMICRO\SDIII\xitami\xiwinnt.exe [2008-07-23 552960]
                R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
                R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-10-17 104328]
                S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
                S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-09-18 33752]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                bdx   REG_MULTI_SZ      scan
                .
                Contents of the 'Scheduled Tasks' folder

                2009-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
                - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

                2009-02-27 c:\windows\Tasks\ErrorFix Scan.job
                - c:\program files\ErrorFix\ErrorFix.exe []

                2009-02-27 c:\windows\Tasks\ErrorFix Scan.job
                - c:\program files\ErrorFix []

                2009-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-790525478-1417001333-500.job
                - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-04 00:32]

                2009-02-28 c:\windows\Tasks\RegCure Program Check.job
                - c:\program files\RegCure\RegCure.exe [2009-02-13 23:20]

                2009-02-26 c:\windows\Tasks\RegCure.job
                - c:\program files\RegCure\RegCure.exe [2009-02-13 23:20]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.google.com/
                uInternet Connection Wizard,ShellNext = iexplore
                IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ig28otl2.default\
                FF - prefs.js: browser.startup.homepage - ww.google.com
                FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
                FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
                FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
                FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
                .

                **************************************************************************

                catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-02-27 22:44:53
                Windows 5.1.2600 Service Pack 3, v.5657 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------

                [HKEY_USERS\Administrator\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
                "??"=hex:8e,2e,5c,88,69,c3,a3,16,8f,2c,e2,70,9e,01,5e,ac,72,c1,33,82,c8,53,62,
                   df,5f,bc,e7,90,01,a3,5c,79,9e,f3,19,4a,c6,b7,2e,18,4b,6d,fd,df,a4,3c,c4,2c,\
                "??"=hex:0f,48,1a,76,ce,fe,3d,eb,b8,9e,e1,3e,48,7b,fe,fd
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(1008)
                c:\windows\system32\Ati2evxx.dll
                .
                Completion time: 2009-02-27 22:46:56
                ComboFix-quarantined-files.txt  2009-02-28 03:46:42

                Pre-Run: 105,960,312,832 bytes free
                Post-Run: 106,018,836,480 bytes free

                220   --- E O F ---   2009-02-27 05:01:06


                evilfantasy

                Re: spyware or malware help?
                « Reply #10 on: February 27, 2009, 08:56:22 PM »
                  • Click START then RUN
                  • Now type Combofix /u in the runbox
                  • Make sure there's a space between Combofix and /u
                  • Then hit Enter.
                  The above procedure will:
                  • Delete the following:
                    • ComboFix and its associated files and folders.
                  • Reset the clock settings.
                  • Hide file extensions, if required.
                  • Hide System/Hidden files, if required.
                  • Set a new, clean Restore Point.

                  How is the computer running now?

                flameking


                  Re: spyware or malware help?
                  « Reply #11 on: February 27, 2009, 09:04:47 PM »
                  I did it in the Run box. It told me to disable antivirus and I did it. A blank blue screen box popped up and after a couple of seconds it said ComboFix is uninstalled. That was it.

                  My Firefox is still slow loading up when I click on it. I don't feel anything different, still the same. Don't know what you mean.
                  I'll do another HijackThis and post the log up again.

                  Dude, thanks for all your help. I will recommend you to others.

                  flameking


                    Re: spyware or malware help?
                    « Reply #12 on: February 27, 2009, 09:05:41 PM »
                    Logfile of Trend Micro HijackThis v2.0.2
                    Scan saved at 11:05:47 PM, on 2/27/2009
                    Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
                    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
                    Boot mode: Normal

                    Running processes:
                    C:\WINDOWS\System32\smss.exe
                    C:\WINDOWS\system32\winlogon.exe
                    C:\WINDOWS\system32\services.exe
                    C:\WINDOWS\system32\lsass.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\WINDOWS\System32\svchost.exe
                    C:\Program Files\Ahead\InCD\InCDsrv.exe
                    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                    C:\WINDOWS\system32\Ati2evxx.exe
                    C:\WINDOWS\system32\spoolsv.exe
                    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
                    C:\Program Files\Java\jre6\bin\jqs.exe
                    C:\Program Files\Java\jre6\bin\jusched.exe
                    C:\Program Files\Microsoft IntelliType Pro\type32.exe
                    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
                    C:\Program Files\Ahead\InCD\InCD.exe
                    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
                    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                    C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
                    C:\WINDOWS\system32\ctfmon.exe
                    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                    C:\WINDOWS\system32\PnkBstrA.exe
                    C:\WINDOWS\system32\svchost.exe
                    C:\Program Files\SUPERMICRO\SDIII\NTService.exe
                    C:\WINDOWS\system32\SD3Service.exe
                    C:\WINDOWS\system32\WinVNC.exe
                    C:\WINDOWS\system32\SearchIndexer.exe
                    C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe
                    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
                    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
                    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                    C:\WINDOWS\explorer.exe
                    C:\Program Files\Mozilla Firefox\firefox.exe
                    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
                    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
                    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
                    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
                    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                    O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
                    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
                    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
                    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
                    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
                    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
                    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
                    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
                    O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
                    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
                    O4 - Global Startup: Supero Doctor III Client.lnk = C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe
                    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
                    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
                    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
                    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
                    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
                    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
                    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
                    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
                    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
                    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
                    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                    O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\NTService.exe
                    O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\WINDOWS\system32\SD3Service.exe
                    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
                    O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\WINDOWS\system32\WinVNC.exe
                    O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe

                    --
                    End of file - 9216 bytes

                    flameking


                      Re: spyware or malware help?
                      « Reply #13 on: February 27, 2009, 09:11:17 PM »
                      I found a way to disable the antivirus and firewall. Once you click the icon in the top right corner it will say switch to advanced view. Another window pops up and on the left side of the screen you will see a list, and antivirus and firewall are on the list. Once you click on them you will see disable and you're done.

                      You can reword this and put it in the link you gave for people who have the latest BitDefender.

                      evilfantasy

                      Re: spyware or malware help?
                      « Reply #14 on: February 27, 2009, 09:12:40 PM »
                      Have HijackThis fix this entry:

                      O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)

                      Close all browsers before clicking Fix checked.

                      --

                      Do you mean when you first start Firefox? If so then that's how it is. Mine takes a while to open when it first starts also.
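
One way to confirm from two HijackThis logs that the orphaned BHO entry named in the reply above is gone after "Fix checked". This is an added example, not part of the original thread; the function names are illustrative, and the two logs are short excerpts constructed from lines posted in this thread.

```python
import re

# HijackThis entry lines look like "O2 - BHO: name - {CLSID} - path":
# a section code (R0, O2, O23, ...), " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (section, body) tuples; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as '(no file)'."""
    hits = []
    for section, body in entries:
        if body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            hits.append((section, m.group(0).upper() if m else None))
    return hits


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two scans, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def fix_verified(before_text, after_text, clsid):
    """True if clsid was an orphaned entry before and appears nowhere after."""
    clsid = clsid.upper()
    was_orphaned = any(c == clsid for _, c in orphaned(parse_entries(before_text)))
    still_there = any(clsid in body.upper() for _, body in parse_entries(after_text))
    return was_orphaned and not still_there


# Constructed excerpts: a few lines taken from the two logs in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

TARGET = "{A057A204-BACC-4D26-9990-79A187E2698E}"

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("orphaned before:", orphaned(parse_entries(BEFORE)))
    print("removed:", removed)
    print("added:", added)
    print("fix verified:", fix_verified(BEFORE, AFTER, TARGET))
```

Any entry in the "added" list of the diff deserves a look before the machine is called clean, since a fix should only remove lines.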

                      flameking


                        Re: spyware or malware help?
                        « Reply #15 on: February 27, 2009, 09:18:04 PM »
                        Done. Am I finally clean?



                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 11:16:23 PM, on 2/27/2009
                        Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v7.00 (7.00.6000.16791)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Ahead\InCD\InCDsrv.exe
                        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                        C:\WINDOWS\system32\Ati2evxx.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
                        C:\Program Files\Java\jre6\bin\jqs.exe
                        C:\Program Files\Java\jre6\bin\jusched.exe
                        C:\Program Files\Microsoft IntelliType Pro\type32.exe
                        C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
                        C:\Program Files\Ahead\InCD\InCD.exe
                        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
                        C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
                        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
                        C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                        C:\WINDOWS\system32\PnkBstrA.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\SUPERMICRO\SDIII\NTService.exe
                        C:\WINDOWS\system32\SD3Service.exe
                        C:\WINDOWS\system32\WinVNC.exe
                        C:\WINDOWS\system32\SearchIndexer.exe
                        C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe
                        C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
                        C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
                        C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                        C:\WINDOWS\explorer.exe
                        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
                        O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
                        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
                        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                        O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
                        O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
                        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
                        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
                        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
                        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                        O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
                        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
                        O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
                        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
                        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
                        O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
                        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
                        O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
                        O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
                        O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
                        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
                        O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
                        O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
                        O4 - Global Startup: Supero Doctor III Client.lnk = C:\Program Files\SUPERMICRO\SDIII\SuperoDoctor.exe
                        O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
                        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                        O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
                        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                        O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
                        O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
                        O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
                        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
                        O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
                        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
                        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                        O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
                        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
                        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
                        O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
                        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
                        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                        O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
                        O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
                        O23 - Service: SuperMicro Health Assistant - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\NTService.exe
                        O23 - Service: Supero SD3Service Daemon - Unknown owner - C:\WINDOWS\system32\SD3Service.exe
                        O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
                        O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\WINDOWS\system32\WinVNC.exe
                        O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe

                        --
                        End of file - 9096 bytes

                        O23 - Service: Xitami Web Server (Xitami) - Unknown owner - C:\Program Files\SUPERMICRO\SDIII\Xitami\xiwinnt.exe (what is this)

                        ---------
                        What do you think of Google Chrome? Startup is really fast when I click on it. It starts up right away.




                        flameking


                          Re: spyware or malware help?
                          « Reply #16 on: February 27, 2009, 09:19:20 PM »
                          Should I do a BitDefender complete scan to see if it picks up anything? I'll let you know if it does.

                          evilfantasy

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Calm like a bomb
                          • Thanked: 493
                          • Experience: Experienced
                          • OS: Windows 11
                          Re: spyware or malware help?
                          « Reply #17 on: February 27, 2009, 09:21:49 PM »
                          You can scan with BitDefender to make sure I didn't miss anything.

                          Use the Secunia Software Inspector to check for out of date software.
                          • Click Start Now
                          • Check the box next to Enable thorough system inspection.
                          • Click Start
                          • Allow the scan to finish and scroll down to see if any updates are needed.
                          • Update anything listed.
                          ----------

                          Go to Microsoft Windows Update and get all critical updates.

                          ----------

                          Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

                          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                          * Using SpywareBlaster to protect your computer from Spyware and Malware
                          * If you don't know what ActiveX controls are, see here

                          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                          flameking


                            Re: spyware or malware help?
                            « Reply #18 on: February 27, 2009, 09:35:57 PM »
                            When I click on the SpywareBlaster link,

                            the website shows two options, one of them saying Get Spyware Blaster with Auto Update now free.

                            The bottom of the webpage has company logos like Sony and other things.

                            I am afraid of adware problems.

                            evilfantasy

                            Re: spyware or malware help?
                            « Reply #19 on: February 27, 2009, 09:52:03 PM »
                            Click HERE

                            flameking


                              Re: spyware or malware help?
                              « Reply #20 on: February 27, 2009, 09:56:01 PM »
                              Thank you for putting up with me. I really do appreciate it. Thanks again for your help.

                              Now I know who to come to when I have a problem.

                              I still don't have my original problem fixed yet. Broni is helping me with it.


                              http://www.computerhope.com/forum/index.php/topic,77634.0.html


                              Thank you, thank you, thank you.

                              flameking


                                Re: spyware or malware help?
                                « Reply #21 on: February 27, 2009, 11:05:02 PM »
                                I did the Windows Update and this is updating:

                                Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430)

                                I downloaded this like 10x already and it still shows up in Windows Update.

                                evilfantasy

                                Re: spyware or malware help?
                                « Reply #22 on: February 27, 2009, 11:07:40 PM »
                                Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.

                                • Open the folder and run Dial-a-fix.exe
                                • 2 windows will open. Close the one in the background labeled Restrictive Policies
                                • Check the box in section 1, Empty temp folders.
                                • Check the box in section 2, Fix Windows Installer.
                                • Check the box in section 3, Fix Windows Update.
                                • Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
                                • Check all boxes in section 5, labeled Registration Center.
                                • Click Go
                                • OK any error messages if received, but write them down and post them here.
                                • Restart the computer when done.
                                Now try again.

                                flameking


                                  Re: spyware or malware help?
                                  « Reply #23 on: February 27, 2009, 11:29:53 PM »
                                  Sorry mate, I'll do this tomorrow morning. It's 1:30AM right now. My body is telling me to go to sleep. I'll post tomorrow morning, hope to be on in the morning.

                                  flameking


                                    Re: spyware or malware help?
                                    « Reply #24 on: February 28, 2009, 08:21:05 AM »
                                    One error message came up: Invalid floating point operation

                                    mmcndmgr.dll is registering, the problem is it's taking too long, still not done yet. Been over five already. What should I do, cancel or what?

                                    flameking


                                      Re: spyware or malware help?
                                      « Reply #25 on: February 28, 2009, 09:11:03 AM »
                                      I canceled it, over an hour and still going, same thing.

                                      Did I screw up my computer?

                                      evilfantasy

                                      Re: spyware or malware help?
                                      « Reply #26 on: February 28, 2009, 09:51:57 AM »
                                      Start a new topic in the Windows forum. Be sure to describe what's wrong. I'm not sure what to do.