Recurring system32\gaopdxcounter infection

Haven't been able to shake this despite multiple scans/cleanups. Here are the log files - thanks much for any help you can provide.

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 2

3/28/2009 7:44:59 AM
mbam-log-2009-03-28 (07-44-59).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 186300
Time elapsed: 1 hour(s), 32 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:57 AM, on 3/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XBTBPos00 - {A50B6E91-4081-4B37-BEA1-AD98A3CD51BA} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {F8CC9B08-C14F-4A5C-B73B-518AFECC067A} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {76026873-0935-499C-B66A-9FF5EEF45BEA} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129670123054
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131444448316
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3503.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FFF07B-497E-4889-A20E-D2E49FFB1B0D}: NameServer = 68.87.69.146,68.87.85.98
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9095 bytes

Staff, 2 weeks later:

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, then please update your mbam (update tab > check for update), rescan and post the log in your next reply together with a new HijackThis log.

Then I'll take a look. :o

Also, important note... The current formatting of your log makes it difficult to read, so in notepad:

On top, click Format > uncheck Word Wrap

Staff:

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
