Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan man is messing me up!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan man is messing me up!

Unread postby erenales » December 20th, 2008, 7:30 pm

I've been helped by Odd Dude (O.D.) who's been tremendous help. Though due to my lack of response, I have to post new topic.

....this is where I left off, if the new helper can continue. However, please let me know if you want to do something else. Thanks in advance.

Last response from previous thread:
ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without expert guidance.

ComboFix uses very brute tactics to rip malware off your system. Do not panic if your antivirus software warns you about the file.

:!: Please disable all your antivirus software and antispyware software BEFORE running ComboFix!! :!:

* Download ComboFix from here and save it to your desktop
* Disable ALL antivirus/antimalware programs before proceeding!
* Now start ComboFix
* The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it.
* If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts. When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
* Do not touch the computer AT ALL while ComboFix is running!
* When finished, the report will open. Reenable your protection software and post the log in your next reply


If you cannot connect to the internet after running ComboFix, plug the cable/reciever/whatever you use to connect to the internet out and back in.

Post back: (this is quite a lot of stuff, so feel free to split it over multiple posts if it's needed)
- combofix log
- new hijackthis log
- new uninstall list
- how is the computer running?
erenales
Active Member
 
Posts: 11
Joined: November 22nd, 2008, 1:22 pm
Advertisement
Register to Remove

Re: Trojan man is messing me up!

Unread postby erenales » December 20th, 2008, 7:31 pm

ComboFix log:
ComboFix 08-12-20.01 - Edgar 2008-12-20 12:29:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.493 [GMT -8:00]
Running from: c:\documents and settings\Edgar\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Edgar\Application Data\gadcom
c:\documents and settings\Edgar\Application Data\GetModule
c:\documents and settings\Edgar\Application Data\GetModule\dicik.gz
c:\documents and settings\Edgar\Application Data\GetModule\kwdik.gz
c:\documents and settings\Edgar\Application Data\GetModule\ofadik.gz
c:\documents and settings\Edgar\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mjcore
c:\program files\Video Add-on
c:\windows\IE4 Error Log.txt
c:\windows\system32\khfFYOHY.dll
c:\windows\system32\psYccccf.ini
c:\windows\system32\psYccccf.ini2
c:\windows\system32\ssqRJyYr.dll
c:\windows\system32\vaaccnjq.dll
c:\windows\system32\wpv381227390376.cpx
c:\windows\system32\wpv891226787518.cpx
c:\windows\system32\xxyaxUmK.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-13 14:48 . 2008-12-18 13:42 1,589,605 ---hs---- c:\windows\system32\ifowuvuv.ini
2008-12-10 21:00 . 2008-12-11 22:31 1,644,376 ---hs---- c:\windows\system32\opumotif.ini
2008-12-07 10:01 . 2008-12-09 12:40 1,564,089 ---hs---- c:\windows\system32\ajibarev.ini
2008-12-06 12:38 . 2008-12-06 12:38 1,428,212 ---hs---- c:\windows\system32\olanerik.ini
2008-12-06 00:18 . 2008-12-06 00:18 1,428,212 ---hs---- c:\windows\system32\ahudajun.ini
2008-12-02 08:49 . 2008-12-02 08:49 674,816 --a------ c:\windows\system32\nsrC.dll
2008-11-25 20:13 . 2008-11-25 20:13 78,636 --a------ c:\windows\system32\xlglqqvgseqqrwclc.exe
2008-11-25 20:13 . 2008-12-03 19:56 53,942 --a------ c:\windows\system32\cont_adsoftinc-remove.exe
2008-11-23 13:44 . 2008-11-23 13:44 <DIR> d-------- c:\program files\Webtools
2008-11-22 21:12 . 2008-11-22 21:12 25,600 --a------ c:\windows\system32\mlJApPHx.dll
2008-11-21 22:19 . 2008-11-21 22:19 <DIR> d-------- c:\program files\Trend Micro
2008-11-21 17:44 . 2008-11-21 17:44 230 --a------ c:\windows\system32\spupdsvc.inf
2008-11-21 17:36 . 2008-12-20 12:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-21 17:36 . 2008-11-21 17:37 1,641,321 ---hs---- c:\windows\system32\qjnccaav.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 20:31 --------- d-----w c:\program files\Common
2008-11-26 04:19 --------- d-----w c:\program files\Azureus
2008-11-16 20:39 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-16 20:38 --------- d-----w c:\program files\AVG
2008-11-16 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-14 06:33 --------- d-----w c:\documents and settings\Edgar\Application Data\Move Networks
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-12-02 16:49 642,048 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
2008-09-09 20:39 65,217 --sha-w c:\windows\system32\gibuyata.dll
2008-09-09 20:38 89,088 --sha-w c:\windows\system32\jahamure.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{142af284-f74e-a116-901f-984514500e2a}]
2008-12-02 08:49 674816 --a------ c:\windows\system32\nsrC.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 36975]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"EPSON Stylus CX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE" [2005-02-01 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"6cc20251"="c:\windows\system32\vuvuwofi.dll" [2008-12-13 85694]

c:\documents and settings\Edgar\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ ecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
"c:\\Program Files\\a-squared Free\\a2service.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-16 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\DRIVERS\atinysxx.sys [2005-07-03 93696]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\DRIVERS\atinyvxx.sys [2005-07-03 185344]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\DRIVERS\atinyuxx.sys [2005-07-03 75776]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\Drivers\ATIUTD.sys [2005-07-03 38912]
S3 gkmixern;gkmixern;\??\c:\docume~1\Edgar\LOCALS~1\Temp\gkmixern.sys []
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\DRIVERS\atinyttx.sys [2005-07-03 13824]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f8ac631-fdb6-11dc-a2bd-000e9b01a74b}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ea295a7-e17c-11dc-a2b8-000e9b01a74b}]
\Shell\AutoRun\command - f:\wd_windows_tools\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1bb33913-a2c5-4385-95e5-cef4c52a6a65} - c:\windows\system32\pijahudu.dll
BHO-{592871eb-c52b-4d71-81e8-e4b0fbda8ab2} - c:\windows\system32\xzykci.dll
BHO-{8DDED7E9-5A17-45A9-A615-A554E630F252} - c:\windows\system32\fccccYsp.dll
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-GetModule27 - c:\program files\GetModule\GetModule27.exe
HKLM-Run-kotejovazi - c:\windows\system32\litovelu.dll
HKLM-Run-CPM6ff131cd - c:\windows\system32\gejaneme.dll
HKLM-Run-ATIModeChange - Ati2mdxx.exe
Notify-ssqNHaYQ - ssqNHaYQ.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\documents and settings\Edgar\Application Data\Mozilla\Firefox\Profiles\djdwwvl2.Default User\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\nsadsoftinc.dll
FF - plugin: c:\documents and settings\Edgar\Application Data\Mozilla\Firefox\Profiles\djdwwvl2.Default User\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07075003.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 12:43:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Java\jre1.5.0_02\bin\jucheck.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-12-20 12:56:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 20:55:38

Pre-Run: 2,958,811,136 bytes free
Post-Run: 3,321,610,240 bytes free

206 --- E O F --- 2008-11-14 03:05:37
erenales
Active Member
 
Posts: 11
Joined: November 22nd, 2008, 1:22 pm

Re: Trojan man is messing me up!

Unread postby erenales » December 20th, 2008, 7:33 pm

HiJack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:47 PM, on 12/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: adsoftinc - {142af284-f74e-a116-901f-984514500e2a} - C:\WINDOWS\system32\nsrC.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [6cc20251] rundll32.exe "C:\WINDOWS\system32\vuvuwofi.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://a716.ac-images.myspacecdn.com/im ... 8db80b.jpg
O24 - Desktop Component 1: (no name) - http://by107fd.bay107.hotmail.msn.com/c ... otmail.com
O24 - Desktop Component 2: (no name) - http://myspace-651.vo.llnwd.net/00715/1 ... 2651_m.jpg

--
End of file - 8024 bytes
erenales
Active Member
 
Posts: 11
Joined: November 22nd, 2008, 1:22 pm

Re: Trojan man is messing me up!

Unread postby erenales » December 20th, 2008, 7:34 pm

New Uninstall list:
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe Captivate 3
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Premiere Pro 2.0
Adobe Reader 8.1.0
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe® Photoshop® Album Starter Edition 3.2
Apple Mobile Device Support
Apple Software Update
a-squared Free 3.0
AVG Free 8.0
Citrix ICA Web Client
Combined Community Codec Pack 2007-07-22
Contextual Platform Adsoftinc
Core FTP LE 1.3c
DAO
DivX Codec
Drug Lord 2
DVD Shrink 3.2
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
FLV Player 1.3.3
getPlus(R)_dll
Google Toolbar for Firefox
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 2
LAN-Express AS IEEE 802.11 Wireless LAN
Lightroom
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v5.4 (build 0245)
MegaStat 9.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Age of Empires Gold
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
PDF Settings
Picasa 2
PowerDVD
QuickTime
Realtek AC'97 Audio
RON Tool Adsoftinc
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SoftV92 Data Fax Modem with SmartCP
Sony ACID Music Studio 6.0
Sony Sound Forge Audio Studio 8.0
Spybot - Search & Destroy 1.3
TBS WMP Plug-in
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
URGE
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinPhlash
WinRAR archiver
erenales
Active Member
 
Posts: 11
Joined: November 22nd, 2008, 1:22 pm

Re: Trojan man is messing me up!

Unread postby NonSuch » December 22nd, 2008, 3:39 am

We're sorry, but your topic has been closed.

We're sorry, but due to "bumping" your topic it is highly unlikely that you would have received a response. Our helpers are looking for topics with zero responses. When you post replies to your own topic, it no longer has zero responses, and so it appears that you have received help when in fact, you have not.

If you still require help, please open a new thread in the Malware Removal forum and wait for assistance. DO NOT reply to your own topic until you have received a response from a helper. Be patient. There are others who have been waiting far longer than you, so do not expect an immediate reply. If your situation is emergent and you require immediate help, then we suggest you take your computer to a trusted local shop where they may be able to begin work on it much sooner than any of the volunteer-supported free sites such as this one.

Thank you for your cooperation.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware