Welcome to Geeks to Go
Infected - Adware.Vundo Variant/Resident

#1 battison10 (Member, 81 posts)
Help please!!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/12/2008 at 10:35 AM

Application Version : 4.0.1154

Core Rules Database Version : 3430
Trace Rules Database Version: 1422

Scan type : Quick Scan
Total Scan Time : 00:11:22

Memory items scanned : 639
Memory threats detected : 1
Registry items scanned : 464
Registry threats detected : 4
File items scanned : 8066
File threats detected : 1

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\SSQPQOFF.DLL
C:\WINDOWS\SYSTEM32\SSQPQOFF.DLL

Adware.Vundo-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{051A4268-167F-4F58-85E2-93292C153F56}
HKCR\CLSID\{051A4268-167F-4F58-85E2-93292C153F56}
HKCR\CLSID\{051A4268-167F-4F58-85E2-93292C153F56}\InprocServer32
HKCR\CLSID\{051A4268-167F-4F58-85E2-93292C153F56}\InprocServer32#ThreadingModel
Note: aborted scan by accident!!




Deckard's System Scanner v20071014.68
Run by Scott on 2008-04-12 10:36:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:40, on 12/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Scott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {051A4268-167F-4F58-85E2-93292C153F56} - C:\Windows\system32\ssqpqOff.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP Premium\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us...an/pestscan.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://64.81.28.29/wg_webeye.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 12007 bytes

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-12 10:01:22 0 d-------- C:\VundoFix Backups
2008-04-11 22:07:13 345 --ahs---- C:\Windows\system32\ffOqpqss.ini2
2008-04-11 22:07:12 273408 --a------ C:\Windows\system32\ssqpqOff.dll
2008-04-09 18:34:00 1160 --a------ C:\Windows\mozver.dat
2008-04-08 19:37:56 0 d-------- C:\Users\All Users\Kontiki
2008-04-08 19:37:55 0 d-------- C:\Program Files\Kontiki
2008-04-08 19:37:40 0 d-------- C:\logs3
2008-04-07 19:37:17 0 d-------- C:\Program Files\cFosSpeed
2008-04-07 17:32:08 0 d-------- C:\Windows\system32\Adobe
2008-04-06 13:03:17 0 d-------- C:\Program Files\Portrait Professional Max 6
2008-04-06 13:00:15 0 d-------- C:\Program Files\iPod
2008-04-06 13:00:11 0 d-------- C:\Program Files\iTunes
2008-04-06 12:57:29 0 d-------- C:\Program Files\QuickTime
2008-03-30 12:09:12 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-03-30 12:09:11 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-03-30 09:05:24 0 d-------- C:\Users\All Users\Malwarebytes
2008-03-30 09:05:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 20:25:43 0 d-------- C:\Program Files\EDraw1.6.4
2008-03-23 23:14:10 0 d-------- C:\Users\All Users\Apple Computer
2008-03-23 23:13:37 0 d-------- C:\Program Files\Apple Software Update
2008-03-23 23:08:46 0 d-------- C:\Program Files\Common Files\Apple
2008-03-23 23:08:45 0 d-------- C:\Users\All Users\Apple
2008-03-22 20:45:08 0 d-------- C:\Users\Scott\{6a9bee41-a652-41da-8090-b8c18593a4be}
2008-03-22 12:49:17 4440 --a------ C:\Windows\system32\tmp.reg
2008-03-20 23:45:20 0 d-------- C:\Program Files\Common Files\GeoVid
2008-03-20 23:45:19 60416 --a------ C:\Windows\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-03-20 20:59:07 1732 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-03-18 18:54:29 0 d-------- C:\Program Files\Poker Superstars II
2008-03-18 18:46:05 0 d-------- C:\Program Files\ReflexiveArcade
2008-03-18 08:10:36 0 d-------- C:\Program Files\DAP Premium
2008-03-16 10:43:23 0 d-------- C:\Windows\system32\directx


-- Find3M Report ---------------------------------------------------------------

2008-04-11 20:48:17 0 d-------- C:\Users\Scott\AppData\Roaming\uTorrent
2008-04-11 20:38:25 0 d-------- C:\Program Files\Google
2008-04-11 20:37:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-10 21:26:09 0 d-------- C:\Users\Scott\AppData\Roaming\DMCache
2008-04-09 18:10:27 0 d-------- C:\Program Files\Windows Mail
2008-04-09 06:32:46 0 d-------- C:\Program Files\SpywareGuard
2008-04-06 14:13:09 0 d-------- C:\Program Files\Navman
2008-04-06 13:57:21 0 d-------- C:\Program Files\MagicISO
2008-04-06 13:03:20 0 d-------- C:\Users\Scott\AppData\Roaming\Anthropics
2008-04-03 19:58:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-03 19:40:49 0 d-------- C:\Users\Scott\AppData\Roaming\Adobe
2008-04-03 19:04:14 0 d-------- C:\Program Files\Common Files
2008-04-03 06:50:19 0 d-------- C:\Program Files\Axis Communications
2008-04-02 20:27:31 0 d-------- C:\Users\Scott\AppData\Roaming\OtakuSoftware
2008-04-02 06:37:35 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-30 09:05:50 0 d-------- C:\Users\Scott\AppData\Roaming\Malwarebytes
2008-03-24 00:55:54 0 d-------- C:\Program Files\IncrediMail
2008-03-23 23:27:30 0 d-------- C:\Program Files\Bonjour
2008-03-23 22:43:23 255 --a------ C:\Users\Scott\AppData\Roaming\iPod Access v4 Prefs
2008-03-23 22:30:00 0 d-------- C:\Program Files\Wide Angle Software
2008-03-23 22:29:56 0 d-------- C:\Program Files\iPod Access for Windows
2008-03-22 20:45:03 0 d-------- C:\Program Files\Realtek
2008-03-22 12:48:51 0 d-------- C:\Users\Scott\AppData\Roaming\IDM
2008-03-21 23:42:40 668 --a------ C:\Users\Scott\AppData\Roaming\vso_ts_preview.xml
2008-03-21 20:27:50 0 d-------- C:\Users\Scott\AppData\Roaming\Vso
2008-03-20 20:02:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-20 19:57:12 0 d-------- C:\Users\Scott\AppData\Roaming\SUPERAntiSpyware.com
2008-03-20 19:56:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-20 19:43:40 174 --ahs---- C:\Program Files\desktop.ini
2008-03-19 23:24:49 0 d-------- C:\Program Files\Windows Calendar
2008-03-19 23:24:45 0 d-------- C:\Program Files\Windows Sidebar
2008-03-19 23:24:45 0 d-------- C:\Program Files\Movie Maker
2008-03-19 23:24:39 0 d-------- C:\Program Files\Windows Photo Gallery
2008-03-19 23:24:18 0 d-------- C:\Program Files\Windows Defender
2008-03-18 19:04:53 0 d-------- C:\Users\Scott\AppData\Roaming\funkitron
2008-03-14 20:13:41 0 d-------- C:\Program Files\Xara
2008-03-14 20:13:40 0 d-------- C:\Program Files\Common Files\Xara
2008-03-14 19:35:52 0 d-------- C:\Program Files\Ulead Systems
2008-03-14 19:26:02 0 d-------- C:\Program Files\DVDPean Pro 5.6.0
2008-03-14 19:21:39 0 d-------- C:\Program Files\MixVibesDVS
2008-03-14 18:59:34 0 d-------- C:\Program Files\Java
2008-03-11 20:38:16 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-11 20:24:17 0 d-------- C:\Program Files\Windows Live
2008-03-11 07:54:19 0 d-------- C:\Program Files\Norton Internet Security
2008-03-11 07:54:18 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-09 11:02:28 0 d-------- C:\Program Files\DivX
2008-03-09 10:33:21 0 d-------- C:\Program Files\Internet Download Manager
2008-03-09 10:26:32 0 d-------- C:\Program Files\Xilisoft
2008-03-09 08:44:24 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-08 16:34:25 0 d-------- C:\Program Files\Magic Swf2Gif
2008-03-07 19:41:48 0 d-------- C:\Program Files\Microsoft Silverlight
2008-03-06 08:05:46 0 d-------- C:\Program Files\vso
2008-03-06 08:05:41 55 --a------ C:\Users\Scott\AppData\Roaming\pcouffin.log
2008-03-06 08:05:40 47360 --a------ C:\Users\Scott\AppData\Roaming\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-06 08:05:40 1144 --a------ C:\Users\Scott\AppData\Roaming\pcouffin.inf
2008-03-06 08:05:40 7887 --a------ C:\Users\Scott\AppData\Roaming\pcouffin.cat
2008-03-05 07:54:33 0 d-------- C:\Program Files\ESI
2008-03-04 18:33:33 0 d-------- C:\Program Files\Common Files\Nokia
2008-03-04 18:33:32 0 d-------- C:\Program Files\Nokia
2008-03-04 08:09:21 0 d-------- C:\Program Files\DJ Music Mixer
2008-03-03 20:19:32 666833 --a------ C:\Users\Scott\AppData\Roaming\NMM-MetaData.db
2008-03-03 20:04:53 0 d-------- C:\Users\Scott\AppData\Roaming\LimeWire
2008-03-02 11:20:45 0 d-------- C:\Program Files\SoundSpectrum
2008-03-02 11:20:14 0 d-------- C:\Users\Scott\AppData\Roaming\SoundSpectrum
2008-02-21 18:44:28 0 d-------- C:\Users\Scott\AppData\Roaming\Thinstall
2008-02-17 20:10:30 0 d-------- C:\Users\Scott\AppData\Roaming\DVDPeanSoftware
2008-02-12 19:24:11 0 --a------ C:\Windows\nsreg.dat
2008-02-12 19:24:05 0 d-------- C:\Users\Scott\AppData\Roaming\Mozilla
2008-02-12 19:11:11 0 d-------- C:\Program Files\Common Files\Java
2008-02-08 20:15:46 2560 --a------ C:\Windows\_MSRSTRT.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{051A4268-167F-4F58-85E2-93292C153F56}]
11/04/2008 22:07 273408 --a------ C:\Windows\system32\ssqpqOff.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 08:38]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 14:42]
"RtHDVCpl"="RtHDVCpl.exe" [15/01/2008 11:26 C:\Windows\RtHDVCpl.exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [21/11/2006 17:08]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [05/02/2007 15:52]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 08:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [28/11/2007 20:51]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 15:21]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/12/2007 18:06]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [11/12/2007 18:06]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [11/12/2007 18:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [22/08/2007 16:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE Privacy Keeper"="C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [03/12/2005 14:52]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [23/03/2006 00:13]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [17/02/2005 02:15]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [20/03/2008 20:02]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [27/02/2008 17:56]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 08:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 8:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]
"{8E1BFC0E-8AD2-424D-AC8A-06038481516E}"= C:\Windows\system32\xxywTJBT.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Scott^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^U46DJ Control Panel.lnk]
path=C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\U46DJ Control Panel.lnk
backup=C:\Windows\pss\U46DJ Control Panel.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
"C:\Program Files\HP\DVDPlay\DPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R800]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE /FU "C:\Windows\TEMP\E_SFCB5.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-12 10:38:46 ------------
#2 battison10 (Topic Starter, Member, 81 posts)
New log which may help

Malwarebytes' Anti-Malware 1.11
Database version: 616

Scan type: Full Scan (C:\|)
Objects scanned: 204058
Time elapsed: 59 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\ssqpqOff.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e886a1e8-44d9-4e59-a7ec-be254fee50b2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e886a1e8-44d9-4e59-a7ec-be254fee50b2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e1bfc0e-8ad2-424d-ac8a-06038481516e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8e1bfc0e-8ad2-424d-ac8a-06038481516e} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\ssqpqOff.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ffOqpqss.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ffOqpqss.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.