trojan vundo - please help. [Closed] [Solved]

#1 fac33 (Member, 48 posts)
AVG 8.5 indicates our PC is infected with the trojan vundo. The Super AntiSpyware scan also found this virus but was unable to remove it (each new Super AntiSpyware scan indicates it's still present even though the virus files were supposed to be deleted). Malwarebytes did not indicate any viruses. Below are my scan logs. Being still a newbie, I would appreciate any assistance.


-----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:23 PM, on 11/6/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\jklm\Downloads\(1) Security\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SBC_McciTrayApp] C:\Program Files\AT&T\Self Support Tool\ATTTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [luzogezur] Rundll32.exe "c:\PROGRA~2\jekugiyu\jekugiyu.dll",a
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [luzogezur] Rundll32.exe "c:\progra~2\jekugiyu\jekugiyu.dll",a
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)" -"http://www.americang...ion=sketchbook"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [joromidusa] Rundll32.exe "C:\ProgramData\vumefesa\vumefesa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\PROGRA~2\jekugiyu\jekugiyu.dll,C:\ProgramData\jiluteku\jiluteku.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: harovufos - {6a7ffcfe-70a5-44d2-bd62-86cfc988b779} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8509 bytes

-----------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/06/2009 at 03:34 PM

Application Version : 4.21.1004

Core Rules Database Version : 4236
Trace Rules Database Version: 2132

Scan type : Complete Scan
Total Scan Time : 01:00:14

Memory items scanned : 338
Memory threats detected : 0
Registry items scanned : 7140
Registry threats detected : 0
File items scanned : 27581
File threats detected : 23

Adware.Tracking Cookie
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@mediaplex[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@fastclick[2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@atdmt[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@questionmarket[2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@specificclick[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@interclick[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@advertising[2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@tribalfusion[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@doubleclick[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@apmebf[2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@specificmedia[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@trafficmp[2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@doubleclick[2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@collective-media[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@insightexpressai[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\jklm@questionmarket[1].txt



-----------------------
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6000 (Safe Mode)

11/6/2009 2:05:31 PM
mbam-log-2009-11-06 (14-05-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 224176
Time elapsed: 40 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#2 fenzodahl512 (Malware Removal, 9,863 posts)
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix.

It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

#3 fac33 (Topic Starter, Member, 48 posts)
Here is the log; thanks!

ComboFix 09-11-06.03 - jklm 11/06/2009 21:16.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.982 [GMT -8:00]
Running from: c:\users\jklm\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 05:21 . 2009-11-07 05:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-07 05:21 . 2009-11-07 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-06 16:46 . 2009-11-06 16:46 -------- d-----w- C:\VundoFix Backups
2009-11-06 13:54 . 2009-11-06 13:54 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-05 23:02 . 2009-11-06 02:37 -------- d-----w- c:\programdata\jiluteku
2009-11-05 23:02 . 2009-11-06 02:29 -------- d-----w- c:\programdata\vozalozi
2009-11-05 23:02 . 2009-11-06 02:29 -------- d-----w- c:\programdata\pazileze
2009-11-05 23:01 . 2009-11-06 02:29 -------- d-----w- c:\programdata\layamela
2009-11-05 23:01 . 2009-11-06 16:33 -------- d-----w- c:\programdata\jekugiyu
2009-11-05 23:01 . 2009-11-06 02:29 -------- d-----w- c:\programdata\mabajapa
2009-11-05 23:00 . 2009-11-05 23:02 -------- d-----w- c:\programdata\zumihege
2009-11-05 23:00 . 2009-11-05 23:02 -------- d-----w- c:\programdata\luvijuna
2009-11-05 23:00 . 2009-11-05 23:02 -------- d-----w- c:\programdata\bonujeto
2009-10-21 16:46 . 2009-10-21 16:45 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-10-17 16:45 . 2009-10-17 16:45 2025752 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 04:56 . 2009-03-30 05:01 117760 ----a-w- c:\users\jklm\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 00:40 . 2009-07-24 00:16 680 ----a-w- c:\users\jklm\AppData\Local\d3d9caps.dat
2009-11-06 22:27 . 2008-09-12 06:23 4096 d-----w- c:\programdata\avg8
2009-11-06 13:54 . 2008-09-12 13:25 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 22:57 . 2009-10-03 22:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 22:57 . 2009-10-03 22:57 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 22:57 . 2009-10-03 22:57 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 22:57 . 2009-10-03 22:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 22:56 . 2009-10-03 22:56 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 22:56 . 2009-10-03 22:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 22:56 . 2009-10-03 22:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 22:55 . 2009-10-03 22:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 22:55 . 2009-10-03 22:55 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-09-26 04:00 . 2007-12-04 04:34 4096 d-----w- c:\users\jklm\AppData\Roaming\Apple Computer
2009-09-25 02:47 . 2009-09-25 02:46 4096 d-----w- c:\program files\iTunes
2009-09-25 02:47 . 2009-09-25 02:46 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 02:46 . 2009-09-25 02:46 -------- d-----w- c:\program files\iPod
2009-09-25 02:46 . 2007-12-04 04:30 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 02:44 . 2009-09-25 02:44 -------- d-----w- c:\program files\Bonjour
2009-09-25 02:43 . 2009-09-25 02:43 4096 d-----w- c:\program files\QuickTime
2009-09-25 02:38 . 2007-12-04 04:29 -------- d-----w- c:\programdata\Apple
2009-09-24 04:27 . 2008-04-08 03:57 8192 d-----w- c:\program files\MediaMonkey
2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-13 10:07 . 2009-09-13 10:07 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4A23.tmp.exe
2009-09-12 15:07 . 2009-09-12 15:07 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD3D3.tmp.exe
2009-09-12 00:55 . 2009-09-12 00:55 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbFEED.tmp.exe
2009-09-11 09:09 . 2009-09-11 09:09 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBFF.tmp.exe
2009-09-10 22:54 . 2008-09-12 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53 . 2008-09-12 13:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 02:42 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 16:37 . 2009-03-08 16:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 16:37 . 2008-09-12 06:24 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 16:37 . 2008-09-12 06:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2007-09-05 16:45 . 2007-09-05 16:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-11-07_04.56.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-11-07 04:57 67780 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-17 01:06 . 2009-11-07 04:57 7202 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2296283253-215777900-395999709-1000_UserData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-05 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-14 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-14 138008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-5 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 23:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/11/2008 10:24 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 1:07 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 1:07 PM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 8:01 AM 297752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07 PM 7408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/5/2007 1:18 AM 29744]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 21:21
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\jklm\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Functions]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Policy]
@DACL=(02 0000)
"CreditOnZeroLength"=dword:00000001
"PiggyBackCredit"=dword:00000001
"LogStreamData"=dword:00000000
"AskCreditAfterWrite"=dword:00000001
"CommandPacketTwoParts"=dword:00000001
"UseInterruptEndPoint"=dword:00000000
"Dot4UsbSynchronization"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Services]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Timeout]
@DACL=(02 0000)
"InterByteTimeout"=dword:000001f4
"StandardPacketTimeout"=dword:00000bb8
"CreditTimeout"=dword:00001388
"PingTimer"=dword:00002710
.
Completion time: 2009-11-07 21:23
ComboFix-quarantined-files.txt 2009-11-07 05:23
ComboFix2.txt 2009-11-07 04:58

Pre-Run: 336,463,822,848 bytes free
Post-Run: 336,424,882,176 bytes free

- - End Of File - - 72C277582E8ADC87A23338375D727E43

#4 fenzodahl512 (Malware Removal, 9,863 posts)
1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Folder::
c:\programdata\jiluteku
c:\programdata\vozalozi
c:\programdata\pazileze
c:\programdata\layamela
c:\programdata\jekugiyu
c:\programdata\mabajapa
c:\programdata\zumihege
c:\programdata\luvijuna
c:\programdata\bonujeto

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Functions]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Policy]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Services]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USB\VID_03F0&PID_0811\MY27KD6005OH\Device Parameters\Timeout]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

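A way to triage the HijackThis log from post #1 mechanically and turn the hits into the Folder:: section of a CFScript like the one in post #4. This is an added example written for this page, not code from HijackThis, ComboFix or the helper; the sample lines are copied from the log in post #1, the equivalence of c:\PROGRA~2 and C:\ProgramData is taken from that log (c:\PROGRA~1 is Program Files there), and the eight-lowercase-letter name heuristic, the function names and the reason strings are my own assumptions. The three persistence points it looks for are the ones that log actually shows: Run keys (HKLM, HKCU and the LOCAL SERVICE hive) invoking Rundll32 on a DLL under ProgramData, a populated AppInit_DLLs value, and an SSODL entry whose file is gone.

```python
import re

# Constructed sample: lines copied verbatim from the HijackThis log in post #1.
SAMPLE_HJT_LOG = r'''
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [luzogezur] Rundll32.exe "c:\PROGRA~2\jekugiyu\jekugiyu.dll",a
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [luzogezur] Rundll32.exe "c:\progra~2\jekugiyu\jekugiyu.dll",a
O4 - HKUS\S-1-5-19\..\Run: [joromidusa] Rundll32.exe "C:\ProgramData\vumefesa\vumefesa.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: c:\PROGRA~2\jekugiyu\jekugiyu.dll,C:\ProgramData\jiluteku\jiluteku.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: harovufos - {6a7ffcfe-70a5-44d2-bd62-86cfc988b779} - (no file)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
'''

# A DLL argument to rundll32: either quoted, or a bare token ending in .dll.
DLL_ARG_RE = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.IGNORECASE)

# The log shows c:\PROGRA~2 as the 8.3 short name of C:\ProgramData on this
# Vista box (c:\PROGRA~1 is Program Files), so both spellings count.
# Group 1 is the drive letter, group 2 the first folder under ProgramData.
PROGRAMDATA_RE = re.compile(r'^([a-z]):\\(?:programdata|progra~2)\\([^\\]+)\\', re.IGNORECASE)

# Heuristic (my assumption, not a signature): a folder of eight lowercase
# letters holding a same-named DLL, as in jekugiyu\jekugiyu.dll.
RANDOM_NAME_RE = re.compile(r'\\([a-z]{8})\\\1\.dll$', re.IGNORECASE)

# O21 entry whose CLSID no longer resolves to a file on disk.
SSODL_RE = re.compile(r'^O21 - SSODL: (\S+) - \{[0-9a-f-]+\} - \(no file\)$', re.IGNORECASE)


def triage_hjt(log_text):
    """Return (reason, item) pairs for the persistence patterns seen in this thread:
    rundll32 Run entries pointing into ProgramData, any AppInit_DLLs value, and
    ShellServiceObjectDelayLoad entries whose backing file is missing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 ") and "rundll32" in line.lower():
            for quoted, bare in DLL_ARG_RE.findall(line):
                dll = quoted or bare
                if PROGRAMDATA_RE.match(dll) or RANDOM_NAME_RE.search(dll):
                    findings.append(("Run key: rundll32 loads a DLL from ProgramData", dll))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll;
            # on a home PC the value should be empty, so every entry is a hit.
            for dll in line.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(("AppInit_DLLs: DLL injected into every GUI process", dll.strip()))
        else:
            m = SSODL_RE.match(line)
            if m:
                findings.append(("SSODL: orphaned Explorer load entry (no file)", m.group(1)))
    return findings


def programdata_folders(findings):
    """The ProgramData folders owning flagged DLLs, in the long-name form the
    CFScript Folder:: section above uses, deduplicated and sorted."""
    folders = set()
    for _reason, item in findings:
        m = PROGRAMDATA_RE.match(item)
        if m:
            folders.add(f"{m.group(1).lower()}:\\programdata\\{m.group(2).lower()}")
    return sorted(folders)


def cfscript_folder_section(folders):
    """Render the Folder:: block of a CFScript from a folder list."""
    return "Folder::\n" + "\n".join(folders) + "\n"


if __name__ == "__main__":
    hits = triage_hjt(SAMPLE_HJT_LOG)
    for reason, item in hits:
        print(f"{reason}: {item}")
    print()
    print(cfscript_folder_section(programdata_folders(hits)), end="")
```

Run against the sample it reports six hits and three folders (jekugiyu, jiluteku, vumefesa). The CFScript in post #4 lists nine folders: the other six came from ComboFix's "Files Created" listing, where folders created within the same two minutes on 2009-11-05 stand out, so a HijackThis log alone undercounts the set and the two sources should be read together. After the cleanup, the check that matters is that a fresh HijackThis log shows no O20 AppInit_DLLs line at all and no Rundll32 Run entries pointing into ProgramData.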

#5 fac33 (Topic Starter, Member, 48 posts)
Next log; thanks:

ComboFix 09-11-06.03 - jklm 11/06/2009 22:21.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.965 [GMT -8:00]
Running from: c:\users\jklm\Desktop\Combo-Fix.exe
Command switches used :: c:\users\jklm\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\bonujeto
c:\programdata\bonujeto\bonujeto.dll.tmp
c:\programdata\jekugiyu
c:\programdata\jiluteku
c:\programdata\layamela
c:\programdata\luvijuna
c:\programdata\luvijuna\luvijuna.dll.tmp
c:\programdata\mabajapa
c:\programdata\pazileze
c:\programdata\vozalozi
c:\programdata\zumihege
c:\programdata\zumihege\zumihege.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 06:25 . 2009-11-07 06:29 -------- d-----w- c:\users\jklm\AppData\Local\temp
2009-11-07 06:25 . 2009-11-07 06:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-07 06:25 . 2009-11-07 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-06 16:46 . 2009-11-06 16:46 -------- d-----w- C:\VundoFix Backups
2009-11-06 13:54 . 2009-11-06 13:54 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-21 16:46 . 2009-10-21 16:45 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-10-17 16:45 . 2009-10-17 16:45 2025752 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 06:31 . 2009-03-30 05:01 117760 ----a-w- c:\users\jklm\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 00:40 . 2009-07-24 00:16 680 ----a-w- c:\users\jklm\AppData\Local\d3d9caps.dat
2009-11-06 22:27 . 2008-09-12 06:23 4096 d-----w- c:\programdata\avg8
2009-11-06 13:54 . 2008-09-12 13:25 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 22:57 . 2009-10-03 22:57 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 22:57 . 2009-10-03 22:57 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 22:57 . 2009-10-03 22:57 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 22:57 . 2009-10-03 22:57 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 22:56 . 2009-10-03 22:56 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 22:56 . 2009-10-03 22:56 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 22:56 . 2009-10-03 22:56 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 22:55 . 2009-10-03 22:55 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-03 22:55 . 2009-10-03 22:55 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-09-26 04:00 . 2007-12-04 04:34 4096 d-----w- c:\users\jklm\AppData\Roaming\Apple Computer
2009-09-25 02:47 . 2009-09-25 02:46 4096 d-----w- c:\program files\iTunes
2009-09-25 02:47 . 2009-09-25 02:46 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-25 02:46 . 2009-09-25 02:46 -------- d-----w- c:\program files\iPod
2009-09-25 02:46 . 2007-12-04 04:30 -------- d-----w- c:\program files\Common Files\Apple
2009-09-25 02:44 . 2009-09-25 02:44 -------- d-----w- c:\program files\Bonjour
2009-09-25 02:43 . 2009-09-25 02:43 4096 d-----w- c:\program files\QuickTime
2009-09-25 02:38 . 2007-12-04 04:29 -------- d-----w- c:\programdata\Apple
2009-09-24 04:27 . 2008-04-08 03:57 8192 d-----w- c:\program files\MediaMonkey
2009-09-22 00:09 . 2009-09-22 00:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-13 10:07 . 2009-09-13 10:07 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4A23.tmp.exe
2009-09-12 15:07 . 2009-09-12 15:07 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD3D3.tmp.exe
2009-09-12 00:55 . 2009-09-12 00:55 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbFEED.tmp.exe
2009-09-11 09:09 . 2009-09-11 09:09 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBFF.tmp.exe
2009-09-10 22:54 . 2008-09-12 13:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53 . 2008-09-12 13:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 02:42 . 2009-08-29 02:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-08-29 02:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-18 16:37 . 2009-03-08 16:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 16:37 . 2008-09-12 06:24 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-18 16:37 . 2008-09-12 06:24 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2007-09-05 16:45 . 2007-09-05 16:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-11-07_04.56.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-05 09:27 . 2009-11-07 06:30 36584 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-07 06:30 67812 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:02 . 2009-11-07 04:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-11-07 05:42 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-05 09:27 . 2009-11-07 05:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-09-05 09:27 . 2009-11-07 04:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-17 01:06 . 2009-11-07 06:30 7266 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2296283253-215777900-395999709-1000_UserData.bin
+ 2009-11-07 06:26 . 2009-11-07 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-07 04:48 . 2009-11-07 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-07 06:26 . 2009-11-07 06:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-07 04:48 . 2009-11-07 04:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-09-05 09:27 . 2009-11-07 05:42 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-05 09:27 . 2009-11-07 04:52 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-05 1006264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-14 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-14 138008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-02 29744]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"combofix"="c:\combo-fix\CF13967.exe" [2009-11-07 320000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-5 50688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 23:28 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9/11/2008 10:24 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/3/2008 1:07 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/3/2008 1:07 PM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/8/2009 8:01 AM 297752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/3/2008 1:07 PM 7408]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/5/2007 1:18 AM 29744]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070905
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 22:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-11-07 22:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 06:34
ComboFix2.txt 2009-11-07 05:23
ComboFix3.txt 2009-11-07 04:58

Pre-Run: 336,472,186,880 bytes free
Post-Run: 336,477,270,016 bytes free

- - End Of File - - 781CE9945B5CF989D922284188CED01D

#6 fenzodahl512 (Malware Removal, 9,863 posts)
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :)

#7 fenzodahl512 (Malware Removal, 9,863 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#8 fenzodahl512 (Malware Removal, 9,863 posts)
Reopened as per request.. first of all, how's the computer now? :)

#9 fac33 (Topic Starter, Member, 48 posts)
Greetings, the computer seems to be fine. The ESET scan shows okay. SUPERAntiSpyware still shows Adware Tracking Cookie, but this can be addressed through a cookie cleaner. Thanks for your help!

________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:24 AM, on 11/17/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Users\jklm\Downloads\(1) Security\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)" -"http://www.americang...ion=sketchbook"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8277 bytes


___________________________________


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

___________________________________


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/17/2009 at 00:24 AM

Application Version : 4.21.1004

Core Rules Database Version : 4280
Trace Rules Database Version: 2156

Scan type : Complete Scan
Total Scan Time : 00:49:40

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 7119
Registry threats detected : 0
File items scanned : 27540
File threats detected : 8

Adware.Tracking Cookie
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\jklm@atdmt[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\jklm@collective-media[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\jklm@doubleclick[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\jklm@hitbox[1].txt
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Cookies\Low\jklm@invitemedia[1].txt

#10 fenzodahl512 (Malware Removal, 9,863 posts)
Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#11 fac33 (Topic Starter, Member, 48 posts)
Hi, ran the OTC. I think things look good. Here are my logs below.
By the way, should I continue to run OTC in the future to take care of adware tracking?
Thanks again!

--------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:37 AM, on 11/30/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\jklm\Downloads\(1) Security\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)" -"http://www.americang...ion=sketchbook"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7942 bytes

---------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/30/2009 at 06:25 AM

Application Version : 4.21.1004

Core Rules Database Version : 4318
Trace Rules Database Version: 2177

Scan type : Complete Scan
Total Scan Time : 00:32:30

Memory items scanned : 536
Memory threats detected : 0
Registry items scanned : 7122
Registry threats detected : 0
File items scanned : 27571
File threats detected : 0

#12 fenzodahl512 (Malware Removal, 9,863 posts)

By the way, should I continue to run OTC in the future to take care of adware tracking?


Yes you may.. I will close this topic now :)

#13 fenzodahl512 (Malware Removal, 9,863 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.