Thread: TrojanDownloader:Win32/Renos:EE HELP!!!
View Single Post
Old 01-07-2009, 07:34 AM   #1 (permalink)
Cliozeek
Registered User
 
Join Date: Jan 2009
Posts: 2
OS: Windows XP Pro


Evil TrojanDownloader:Win32/Renos:EE HELP!!!
I'm having a problem with a Trojan virus that creates a pop-up every ten seconds and disrupts the computer. I downloaded Microsoft's Defender but it does not eliminate the problem. I'm running Windows XP Pro on a Dell Demension 8300 machine. We currently use BitDefender as virus protection. Microsoft's site claims that this is not a true virus but merely an advertisemnet scam but regardless I can't get rid of it. I've tried to restore the pc to an earlier date but it didn't take care of the issue. Can you help me as soon as possible?

Thanks

DDS (Version 1.1.0) - NTFSx86
Run by Jeff at 1731.23 on Tue 01/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1429 [GMT -5:00]

AV: BitDefender Client Professional Plus *On-access scanning disabled* (Updated)
FW: BitDefender Client Professional Plus *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Enterprise Update Service\livesrv_em.exe
C:\Program Files\Common Files\Softwin\BitDefender Local Manager\bdlm.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Visioneer\OneTouch 4.0\OtMonEx.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\QuickTime\QTTask.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\jeff\LOCALS~1\Temp\yyy74.exe
C:\DOCUME~1\jeff\LOCALS~1\Temp\~tmpb.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\DOCUME~1\jeff\LOCALS~1\Temp\~tmpd.exe
C:\Program Files\Research In Motion\BlackBerry\Redirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\pn6Di2Y4.exe
C:\Documents and Settings\jeff\Local Settings\Temporary Internet Files\Content.IE5\MW6HD7OP\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?referrer=theme_ign
uDefault_Page_URL = hxxp://companyweb
mDefault_Page_URL = hxxp://companyweb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {549B5CA7-4A86-11D7-A4DF-000874180BB3} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cognac] c:\docume~1\jeff\locals~1\temp\~tmpb.exe
uRun: [MSFox] c:\docume~1\jeff\locals~1\temp\yyy74.exe
uRun: [Installer] c:\documents and settings\jeff\local settings\temporary internet files\content.ie5\d0efcp1q\setup_241_3777_[1].exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PivotSoftware] "c:\program files\portrait displays\pivot software\wpctrl.exe"
mRun: [DT HPW] c:\program files\portrait displays\hp my display\DTHtml.exe -startup_folder
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
mRun: [BDOESRV] "c:\program files\softwin\bitdefender8\bdoesrv.exe"
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [InstantAccess] c:\progra~1\textbr~1.0\bin\INSTAN~1.EXE /h
mRun: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
mRunServices: [RegisterDropHandler] c:\progra~1\textbr~1.0\bin\REGIST~1.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blackb~1.lnk - c:\program files\research in motion\blackberry\Redirector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: disablecad = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: sockspy.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R4 BDLM;BitDefender Local Manager;c:\program files\common files\softwin\bitdefender local manager\bdlm.exe [2006-9-12 360448]
R4 LIVESRV_EM;BitDefender Enterprise Update Service;c:\program files\common files\softwin\bitdefender enterprise update service\livesrv_em.exe [2006-7-12 245760]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2005-4-29 106559]
R4 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\visioneer\onetouch 4.0\OtService.exe [2007-12-21 131072]
R4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb18 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
S3 nenum13E;nenum13E;\??\c:\docume~1\john\locals~1\temp\nenum13e.sys --> c:\docume~1\john\locals~1\temp\nenum13E.sys [?]

=============== Created Last 30 ================

2009-01-05 17:16 <DIR> --d----- c:\docume~1\jeff\applic~1\VirusRemover2008
2009-01-05 17:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Solt Lake Software
2009-01-05 16:50 77,824 a------- c:\windows\system32\pn6Di2Y4.exe
2009-01-05 16:50 0 a------- c:\windows\system32\pn6Di2Y4.exe.a_a
2009-01-05 16:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2008-12-26 09:39 <DIR> --d----- c:\docume~1\jeff\applic~1\Blackberry Desktop
2008-12-26 09:23 256 a------- c:\windows\system32\pool.bin
2008-12-26 09:23 <DIR> --d----- c:\docume~1\jeff\applic~1\Research In Motion
2008-12-26 09:14 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-12-26 09:14 <DIR> --d----- c:\program files\Roxio
2008-12-26 09:06 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2008-12-26 09:05 <DIR> --d----- c:\program files\common files\Research In Motion
2008-12-26 09:05 <DIR> --d----- c:\program files\Research In Motion
2008-12-26 09:01 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-17 15:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-10-10 07:25 89,087 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2003-09-19 16:02 61,224 a------- c:\documents and settings\jeff\GoToAssistDownloadHelper.exe

============= FINISH: 17:07:08.28 ===============
Attached Files
File Type: zip Attach.zip (3.1 KB, 1 views)
Cliozeek is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here